WineHQ
Wine Forums

 Post Posted: Mon Feb 08, 2010 7:56 am 
Newbie

Joined: Mon Feb 08, 2010 7:44 am
Posts: 2
Hello,

Does anybody know if the trojan gatecrasher would be able to run in a Linux system with wine?

I am using XUbuntu and had a warning in my firewall about port 6969 which is used by Gatecrasher trojan.

Of course for security reasons I formatted my computer.

Could a Gatecrasher trojan be running in my system if I was using wine?

Thank you for your help


Top 
 Post Posted: Mon Feb 08, 2010 10:09 am 
Moderator

Joined: Sat Feb 23, 2008 2:29 pm
Posts: 6605
josebelda wrote:
Does anybody know if the trojan gatecrasher would be able to run in a Linux system with wine?

http://wiki.winehq.org/FAQ#head-3cb8f05 ... 4e305a0459

Really depends on what it is and how it installs itself.


Top 
 Post Posted: Tue Feb 09, 2010 5:31 am 
Newbie

Joined: Mon Feb 08, 2010 7:44 am
Posts: 2
Thank you very much for your reply.


Top 
 Post Posted: Tue Feb 09, 2010 2:46 pm 
 
On 09.02.2010 13:31, josebelda wrote:
Quote:
Thank you very much for your reply.

Note that unless the worm/virus/trojan specifically targets wine, removing ~/.wine
would be enough; reformatting the whole system is not necessary.

Running wine from a separate user (that cannot easily obtain root via sudo [like
the usual "desktop user/admin"], does not have access to private user data
[~/.mozilla/*/*/{signons,cookies}* and alike], and, maybe, has limited network
access [with something like
iptables -N winejail
iptables -A winejail -j REJECT
iptables -A OUTPUT ! -o lo -m owner --uid-owner wineuser -j winejail
plus some rules to specifically allow network on some ports/addresses:
iptables -I winejail -p tcp --dport 80 -j ACCEPT
iptables -I winejail -p tcp -d ${dns-server} --dport 53 -j ACCEPT
iptables -I winejail -p udp -d ${dns-server} --dport 53 -j ACCEPT
]) would also help limit damage from such an incident even with wine-aware viruses.

BTW, does anyone know if wine-aware malware (that is able to use int $0x80 to
bypass the ~/.wine/dosdevices jail, etc.) already exists in the wild, or is it still
only a theoretical threat? :-)

PS And I don't know where the topic starter got the idea that port 6969 is used only by
malware - as a quick lookup at google:// shows, this port is frequently used by
torrent trackers.


Top 
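Added example, not part of any post in this thread: a firewall warning names only a port, so this sketch reads a table in the layout of the kernel's /proc/net/tcp and reports which UID owns each TCP socket on port 6969, which separates a torrent client run by the desktop user from something running under the wine account. The sample table, the addresses and the UIDs (1000 for the desktop user, 1001 for the separate "wineuser" account) are constructed, and a little-endian host is assumed.

```python
import socket
import struct

TCP_STATES = {"01": "ESTABLISHED", "02": "SYN_SENT", "06": "TIME_WAIT", "0A": "LISTEN"}

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
# Assumed UIDs: 0 = root, 1000 = desktop user, 1001 = separate "wineuser".
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1
   1: 0A00A8C0:C350 0A0200C0:1B39 01 00000000:00000000 00:00000000 00000000  1000        0 22222 1
   2: 0A00A8C0:C351 0B0200C0:0050 01 00000000:00000000 00:00000000 00000000  1001        0 33333 1
   3: 00000000:1B39 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1001        0 44444 1
"""


def decode_endpoint(field):
    """Turn 'HEXADDR:HEXPORT' into (dotted_ip, port); assumes a little-endian host."""
    addr_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return ip, int(port_hex, 16)


def sockets_on_port(table, port):
    """Return one dict per IPv4 TCP socket whose local or remote port is `port`."""
    hits = []
    for line in table.splitlines()[1:]:  # skip the column header row
        cols = line.split()
        if len(cols) < 10:
            continue  # not a socket row
        local, remote = decode_endpoint(cols[1]), decode_endpoint(cols[2])
        if port not in (local[1], remote[1]):
            continue
        if cols[3] == "0A":
            role = "listener"   # something on this host accepts connections
        elif local[1] == port:
            role = "inbound"    # a peer connected to our listening port
        else:
            role = "outbound"   # we connected to a remote service on that port
        hits.append({"uid": int(cols[7]), "inode": int(cols[9]), "role": role,
                     "state": TCP_STATES.get(cols[3], cols[3]),
                     "local": local, "remote": remote})
    return hits


if __name__ == "__main__":
    # On a live system, pass open("/proc/net/tcp").read() instead of SAMPLE.
    for h in sockets_on_port(SAMPLE, 6969):
        print(h["uid"], h["role"], h["state"], h["local"], "->", h["remote"])
```

IPv6 sockets are listed in /proc/net/tcp6 with 32-hex-digit addresses and are not handled here.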
 Post Posted: Thu Feb 11, 2010 4:57 am 
Level 8

Joined: Fri Feb 29, 2008 2:54 am
Posts: 1020
Yuriy Kaminskiy, the best way is not to open wine particular ports in the first place.

josebelda, Linux is different to Windows. Formatting is not the only solution.

Package management means a 1 to 1 search for alterations can be performed. Know the enemy you are taking on.

Wine always does need to be taken with care, because software in wine has similar problems to Windows.

Basically, if your system is breached and you don't know how, a person can always reuse the same breach.


Top 