Is my Ubuntu Jaunty installation infected?

Discussion in 'all things UNIX' started by Mr. Y, May 26, 2009.

Thread Status:
Not open for further replies.
  1. Mr. Y

    Mr. Y Registered Member

    I ran a downloaded Windows executable under Wine - then funny things started happening:

    My Ubuntu workspace 1 became workspace 2.

    I ran the executable again and my workspace restored back to workspace 1.

    I ran the executable under Wine to insulate myself from Malware. It appears that Linux can be compromised after all.
     
  2. Pedro

    Pedro Registered Member

    Sounds like you're describing a bug in Ubuntu or WINE or GNOME. What makes you think you're infected? Were you running/testing malware?
     
  3. chronomatic

    chronomatic Registered Member


    LOL. A Windows executable cannot infect Ubuntu no matter how hard it tries. Yes, a Win virus can cause problems for your .wine directory and cause some problems within WINE programs but it cannot infect your Ubuntu install.
     
  4. dan_maran

    dan_maran Registered Member

  5. chronomatic

    chronomatic Registered Member


    That guy who posted that doesn't seem to get it. A Windows binary or script will not run on Linux. The permissions of the Windows virus file are inconsequential since the file won't execute (outside of the .wine fake Windows directory) in the first place. The Windows virus is not expecting a Linux system, and even if it could somehow break out of Wine, it would have no idea what to do since Linux and Windows are two different operating systems.

    Now, if someone coded a virus specifically for WINE, that would be a different story. However, why go through that trouble when you could just write a native virus?
     
  6. Mr. Y

    Mr. Y Registered Member

    I was running software with a high probability of having malware.
     
  7. Mr. Y

    Mr. Y Registered Member

    I think they hand-crafted malware to handle a variety of scenarios that include "WINE".
     
  8. Mr. Y

    Mr. Y Registered Member

    From now on I will run "high risk" software under a VirtualBox. Linux is not bulletproof.

    I am going to restore an Ubuntu archive to get rid of this infection.

    The infection changed the signature on all the data files of a logical drive, although no viruses are detected.

    Can a logical data drive re-infect my restored archive Ubuntu drive?
     
  9. Kerodo

    Kerodo Registered Member

    Why are you doing this? That should be the first question you ask yourself....
     
  10. lewmur

    lewmur Registered Member

    So that he can make the claim that Linux isn't really safe. He makes a claim that there is a specific piece of malware designed to attack Linux via Wine. No security firm has reported such a vulnerability, much less an active exploit, but he can come here and post FUD claiming "personal experience." Yet he doesn't give the name of the download with the supposed malware, so that others could test its validity. Nor does his description of the supposed damage make much sense. "My Ubuntu workspace 1 became workspace 2." What's this supposed to mean?

    For the fun of it, let's see if we can imagine why someone would write an exploit that, instead of attacking Linux directly, does so only through Wine. Who would benefit from that? Let's see? Could that possibly be someone who doesn't want Linux users to be able to run Windows programs? I got it!! It must be a Microsoftie!!!
     
  11. NGRhodes

    NGRhodes Registered Member

    http://wiki.winehq.org/FAQ#head-3cb8f054b33a63be30f98a1b6225d74e305a0459

    As long as you do not run as root or SUDO and wine is not configured to access outside ~/wine, the only thing that can/will get infected is your wine environment. So if you can read and write to your home from Wine (I don't know much about how wine is configured), Malware running via Wine can read and write to it, but in no way should be able to infect your entire system unless running as root/sudo.

    Cheers, Nick
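
Added example, not part of the original post: a POSIX shell check of which host paths a Wine prefix exposes as drive letters, which is the "configured to access outside" question raised above. It assumes the standard prefix layout in which each drive letter is a symlink under `dosdevices`; the names `audit_wine_drives` and `demo` and the sample prefix are constructed for illustration.

```shell
#!/bin/sh
# Audit which host directories a Wine prefix exposes as drive letters.
# Assumption: standard layout, $PREFIX/dosdevices/<letter>: are symlinks.

# audit_wine_drives [PREFIX]
# Prints "<drive> <resolved path> INSIDE|OUTSIDE" per drive symlink.
# Returns 0 if every drive stays inside the prefix, 1 if any points
# outside it, 2 if the prefix has no dosdevices directory.
audit_wine_drives() {
    prefix=${1:-${WINEPREFIX:-$HOME/.wine}}
    [ -d "$prefix/dosdevices" ] || { echo "no dosdevices in $prefix" >&2; return 2; }
    # Canonical path of the prefix, so symlinked homes compare correctly.
    root=$(cd "$prefix" && pwd -P) || return 2
    status=0
    for link in "$prefix"/dosdevices/*; do
        [ -L "$link" ] || continue
        name=$(basename "$link")
        # Resolve the symlink to a canonical directory; device links
        # (not directories) and dangling links are reported separately.
        target=$(cd "$link" 2>/dev/null && pwd -P) || { echo "$name - UNRESOLVED"; continue; }
        case "$target/" in
            "$root"/*) echo "$name $target INSIDE" ;;
            *)         echo "$name $target OUTSIDE"; status=1 ;;
        esac
    done
    return $status
}

# Constructed demo prefix (not a real Wine install):
# c: stays inside the prefix, z: maps the whole root filesystem.
demo() {
    d=$(mktemp -d) && mkdir -p "$d/drive_c" "$d/dosdevices" || return 2
    ln -s ../drive_c "$d/dosdevices/c:"
    ln -s / "$d/dosdevices/z:"
    audit_wine_drives "$d"; rc=$?
    rm -rf "$d"
    return $rc
}
demo || echo "prefix exposes paths outside itself"
```

A clean result only describes the drive-letter view: programs started through Wine still run with the invoking user's permissions, so files that user can write remain reachable.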
     
  12. chronomatic

    chronomatic Registered Member

    My thoughts exactly, though I was waiting for someone else to say it first. ;)

    The OP either has no idea of how Linux works or he is spreading FUD. No other possible explanations here.
     
  13. Mr. Y

    Mr. Y Registered Member

    1. Both chronomatic and lewmur are wasting my time with their non-humorous snide remarks.

    2. likuidkewl has confirmed what I suspected.

    You're right, I won't do it again. This has turned into a nightmare for me.
     
  14. incursari

    incursari Registered Member

    Can you upload that file to somewhere else and give us the link?
     
  15. Mr. Y

    Mr. Y Registered Member

    I can't do that- I could get in trouble. Suggest a way that is untraceable.

    It appears that Malware has evolved into a new level. Viruses are for school children.
     
  16. dan_maran

    dan_maran Registered Member

    Allow PM's
     
  17. Pedro

    Pedro Registered Member

    He confirmed a possibility for something. While I too am a little cautious with WINE, in reality the probability is really small.
    It's a bit hard, as you can guess, for me to judge this from over here, reading your post with little information. I'm not judging YOU note :)

    BTW, PM disabled?
     
  18. Mr. Y

    Mr. Y Registered Member

    Hello Pedro,
    What is "PM"?

    Right now I am knee deep in computer problems- Perhaps in a month, I will be in a position to upload the Malware file to people so as to increase the credibility of my claims.

    Thank you,
     
  19. dan_maran

    dan_maran Registered Member

    You have disabled Private Messages. This is the preferred way to discuss issues such as these here.
     
  20. Arup

    Arup Guest

    I am sorry, I don't believe one word of this, if this has not been implemented with SUDO, it ain't just happening out of blue.
     
  21. lewmur

    lewmur Registered Member

    I don't even understand what his complaint is all about. He says the malware moved "workspace 1 to workspace 2." If you have compiz enabled, just moving your cursor can do that. And too busy to identify the malware for another month? Give me a break!!:argh:
     
  22. Kerodo

    Kerodo Registered Member

    That's mighty freakin' busy! :rolleyes:
     
  23. Arup

    Arup Guest


    Exactly........that's how Linux switches workspaces when Compiz is on.
     
  24. Mr. Y

    Mr. Y Registered Member

    Hello likuidkew and Pedro,

    I have enabled Private Messages

    Do I have to be on-line at the same time as you for this to work?

    In the past, whenever I have run a P2P client in VirtualBox under a Windows host, eventually the Windows host becomes corrupted. I suspect this is because I access the downloaded files using my Windows host.

    I switched to a Linux host (Ubuntu) and eventually it has become corrupted- It took 100 times longer to happen but it did.

    I am not a Linux expert but I am impressed by its invulnerability compared to Windows. An average Linux user would never have to worry about computer security.
     
  25. Pedro

    Pedro Registered Member

    PM sent.
     