
Thread: Can a malware-infected Wine reveal information about my network?

  1. #1
    Join Date: Jun 2014
    Beans: 265

    Can a malware-infected Wine reveal information about my network?

    Suppose Wine got infected with a virus that installs a backdoor in Wine, and had access to the internet, could the virus then reveal information about my network, such as my IP address to attackers?
    Last edited by John_Patrick_Mason; March 5th, 2017 at 01:40 AM.

  2. #2
    Join Date: Sep 2006
    Location: Minnesota, United States
    Beans: 603

    Re: Can a malware-infected Wine reveal information about my network?

    Quote Originally Posted by John_Patrick_Mason
    Suppose Wine got infected with a virus that installs a backdoor in Wine, and had access to the internet, could the virus then reveal information about my network, such as my IP address to attackers?
    Yes, in theory, because even regular user accounts have access to TCP/IP data. If you did not, you would not be able to connect at all. When you are running Wine, you are essentially translating system calls from Windows to Unix and vice versa. There isn't an exact one-to-one relationship, so there are no guarantees that Windows code will execute. It is also true that IF you are not running Wine as a super-user, it cannot do serious damage, except to the files in your home directory. Naturally, you should always keep a backup.


    If Wine gets out of hand, just delete the instance of Wine, usually the .wine directory. Then the system will be clean. Just reinitialize and reinstall your Windows programs.

    If you are really concerned about it, you should run Wine only on a separate account. A better and more practical method is to use KVM rather than Wine. KVM requires a copy of Windows to run Windows programs, but it isolates it away from your personal files. It also provides better compatibility than Wine.
    Last edited by T.J.; March 5th, 2017 at 02:32 AM.
    T.J.

  3. #3
    Join Date: Jun 2014
    Beans: 265

    Re: Can a malware-infected Wine reveal information about my network?

    Quote Originally Posted by T.J.
    It is also true that IF you are not running Wine as a super-user, it cannot do serious damage, except to the files in your home directory. Naturally, you should always keep a backup.
    What if I install something like firejail and use it to launch Wine to isolate Wine from my home folder, except maybe the Download folder, where I could store the infected files so that Wine can import them? Would that work?
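
Added example, not part of the original thread or any poster's words: one way to set up the confinement asked about in post #3, using firejail options that cut Wine off from the network and from everything in the home folder except a read-only Downloads directory. The function names, the `DRY_RUN` switch and `sample.exe` are assumptions made for illustration; firejail and wine are assumed to be installed.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes firejail and wine are installed.
# Usage: ./jailed-wine.sh ~/Downloads/sample.exe   (sample.exe is a placeholder)

DL="${HOME}/Downloads"   # the only part of $HOME the sandbox is allowed to see

# Accept only paths under ~/Downloads with no ".." hops: nothing else in
# $HOME exists inside the sandbox, so any other path is a mistake.
target_ok() {
    case "$1" in
        */../*|*/..) return 1 ;;
        "$DL"/*)     return 0 ;;
        *)           return 1 ;;
    esac
}

# Run (or, with DRY_RUN set, just print) wine inside the sandbox.
jailed_wine() {
    target_ok "$1" || { echo "refusing: $1 is not under $DL" >&2; return 1; }
    # --net=none       new network namespace with loopback only: no LAN, no internet
    # --whitelist      only ~/Downloads is mapped in; the rest of $HOME is an empty
    #                  temporary filesystem, so a fresh ~/.wine is discarded on exit
    # --read-only      the program cannot modify or plant files in ~/Downloads
    # --caps.drop=all, --nonewprivs, --noroot
    #                  no capabilities, no privilege gain via setuid, no root user
    set -- firejail \
        --net=none \
        "--whitelist=$DL" \
        "--read-only=$DL" \
        --caps.drop=all --nonewprivs --noroot \
        wine "$1"
    if [ -n "${DRY_RUN:-}" ]; then
        printf '%s\n' "$@"     # one argument per line, for inspection
    else
        "$@"
    fi
}

# Only act when called with an argument, so the file can also be sourced.
if [ "$#" -gt 0 ]; then
    jailed_wine "$1"
fi
```

Setting `DRY_RUN=1` prints the firejail command line without launching anything, which is a quick way to review the options before trusting them with a suspicious file.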

  4. #4
    Join Date: Feb 2017
    Beans: 5

    Re: Can a malware-infected Wine reveal information about my network?


  5. #5
    Join Date: Nov 2013
    Location: On the edge
    Beans: 872
    Distro: Ubuntu

    Re: Can a malware-infected Wine reveal information about my network?

    Quote Originally Posted by John_Patrick_Mason
    What if I install something like firejail and use it to launch Wine to isolate Wine from my home folder, except maybe the Download folder, where I could store the infected files so that Wine can import them? Would that work?
    What are you running on Wine that you're so sure is infected?
    Knock knock.
    Race condition.
    Who's there?

  6. #6
    Join Date: Jun 2014
    Beans: 265

    Re: Can a malware-infected Wine reveal information about my network?

    Quote Originally Posted by bashiergui
    What are you running on Wine that you're so sure is infected?
    I'm fixing a friend's computer. The first thing I tried was to install a good antivirus like Avira, but whatever he had was interfering with the installation of the program, so I couldn't run an antivirus scan in Windows. I then tried copying all of his files onto a blank DVD, but unfortunately the paste function was also disabled, probably to make reinstalling Windows harder without also erasing all of his personal files. Even clicking and dragging did not work. That's when I went into the Windows Task Manager to see if I recognized any malicious processes that were running. When I clicked on the performance tab, I noticed that the CPU was maxed out at 100% without any applications open. Since I couldn't run an antivirus scan in Windows, I used a live CD and ran an antivirus scan in Linux using ClamAV. It said I had 40 infected files, so to make sure that some of these weren't false positives, I uploaded each of them individually to virustotal.com to see what the other antivirus programs had to say about it. That's when it said I had two trojan horses, and that's on top of all the adware/spyware it found. Since I don't mess around with trojan horses, I used the live CD to copy all of his personal files onto a blank DVD while booted in Ubuntu, and bought a fully legal Windows 7 OEM disk on Amazon for $50, before reinstalling Windows from scratch. Also, before I did that, the computer would randomly shut down when it was connected to the internet, but would run normally when not connected to the internet.
    Last edited by John_Patrick_Mason; March 11th, 2017 at 07:51 AM.

  7. #7
    Join Date: Oct 2005
    Location: Al Ain
    Beans: 9,719

    Re: Can a malware-infected Wine reveal information about my network?

    Malware on WINE is not a problem in real life.

    You can 'suppose' any movie plot horror story, but the reality is that there are no viruses that actually do something on WINE.

  8. #8
    Join Date: Nov 2013
    Location: On the edge
    Beans: 872
    Distro: Ubuntu

    Re: Can a malware-infected Wine reveal information about my network?

    If you've got the links to the Virus Total samples I can try to figure out what he was infected with. AVs give random names to malware that rarely mean much other than "it's bad!!!" If we can identify how he was infected, you can devise a plan to prevent that in the future. This would be much more effective than trying to defend against hypothetical scenarios.
    Knock knock.
    Race condition.
    Who's there?

  9. #9
    Join Date: Jun 2014
    Beans: 265

    Re: Can a malware-infected Wine reveal information about my network?

    Quote Originally Posted by bashiergiu
    If you've got the links to the Virus Total samples I can try to figure out what he was infected with. AVs give random names to malware that rarely mean much other than "it's bad!!!" If we can identify how he was infected, you can devise a plan to prevent that in the future. This would be much more effective than trying to defend against hypothetical scenarios.
    Oh sure, I posted the results of the scan here: http://forums.clamwin.com/viewtopic.php?t=4595 along with the files that I found most concerning.

  10. #10
    Join Date: Oct 2005
    Location: Al Ain
    Beans: 9,719

    Re: Can a malware-infected Wine reveal information about my network?

    BTW, that list looks like the user installed a bunch of random cruft off the internet, which is typical Windows user behaviour and got a bunch of adware to go with it.

    That is why I don't do Windows anymore - life is too short to deal with this kind of nonsense over and over again.
