[prev in list] [next in list] [prev in thread] [next in thread] 

List:       wine-devel
Subject:    Re: Another report of malware running on Wine
From:       Pavel Troller <patrol () sinus ! cz>
Date:       2007-01-30 7:52:58
Message-ID: 20070130075258.GA6015 () tangens ! sinus ! cz
[Download RAW message or body]


Hi!
  This weekend my son downloaded a trojan masking as keygen for a Symbian
mobile application. After running a trojan, a tooltip in the systray appeared
saying something like "Your computer is infected". After that, I inspected his
.wine directory.
  There were many files added in various directories (system32, windows, even
root of c:, they were partly .exe, partly .dll, ane one even .htm :-). I looked
it in the web browser and it displayed a page saying that my comp is full of
malware, spyware and various other *ware and that the only cure is to download
a specialized application from them :-). They tried to make me shocked by
displaying something that "THEY know that your computer has IP address <my real
IP ADDRESS>, you are using Windows XP (hahaha) and your browser is MSIE 6
(hahahaha). However, this page was not displayed by the trojan, so I think that
something has failed in it and it was unable to fire the formerly mentioned
MSIE6 :-). Two unknown processes were permanently running by wine. After
cleaning all this mess, normal wine operation has been fully restored.
     With regards, Pavel Troller



[prev in list] [next in list] [prev in thread] [next in thread]