
WCry 2.0 functions perfectly under Wine - SteBu
https://twitter.com/hackerfantastic/status/863359375787925505
======
janwillemb
One of the comments: "truly this is the year of the Linux desktop"

------
flukus
And I still can't get Starcraft HD to work...

~~~
rickdg
Blizzard and Adobe, the guardians of Windows.

~~~
frubar
Eh? I'm under the strong impression that Adobe works nicer on Mac than
Windows.

~~~
lois
I haven't noticed much of a difference. Even if there is, there's the matter
of the Mac price tag.

And the utter agony of using a Mac if you're used to Windows.

If you lack the budget for a Mac but you want to do graphic design, Windows is
the logical choice.

~~~
frubar
Fair enough but the parent comment claimed that Adobe (and Blizzard) were
keeping Windows alive. How can that be if it runs better or at least just as
good on Mac?

------
davidgerard
Wine has long been sufficiently compatible with Windows to run malware. I
added a bit about this to the Wine FAQ in 2009 I think ;-) IIRC the ZeroWine
malware analyser would run malware in Wine in Debian in a QEMU virtual
machine.

The question here is not whether it runs, but whether it can infect.

~~~
hd4
No, the more pressing question _is_ whether it can run, specifically whether
it can run without intervention, and I'm willing to bet a lot of
money/bitcoins that it can't, purely because it couldn't gain access to the
machine _unless_ those ports were open.

------
joveian
A good reminder to run wine as a different user...

~~~
shimon_e
Run wine inside an emulator... oh wait

~~~
wruza
We need to go docker -_-

~~~
notamy
Inside of a VM, of course. Can't have enough protection!

~~~
zacmps
Then you remember that the VMware hypervisor was broken recently...

~~~
orf
That's fine, run the hypervisor inside virtualbox. For extra marks have it
communicate to the host via smoke signals.

------
aeleos
That is pretty scary. Anyone know if there is any info on if it will only
encrypt the c_drive folder that wine makes or the entire fs?

~~~
swiley
Isn't the entire fs exposed as Z: or so in wine? I know there's some way to
get to the user's home directory which is probably good enough to cause
essentially the same amount of pain.

~~~
viraptor
> entire fs exposed as Z: or so in wine

By default only. You can easily disable that. It always made me worried that
anything in wine got access to my system, even though I normally wanted
something closer to an isolated instance, so I always disabled that.

~~~
gpvos
There may also be links to your home directory as "Desktop", "My Documents",
etc. See winecfg for these. And note that your registry files may refer to Z:
(mostly for fonts, it seems), or even directly to files outside your Wine
directory.

~~~
CyberShadow
If the software is Wine-aware, it doesn't matter. The \\\unix\ filesystem
namespace allows programs running under Wine to access the host filesystem
whether it's mapped as a drive or not. And, of course, since Wine Is Not an
Emulator, it could also use POSIX APIs or Linux kernel syscalls directly if it
wanted to.

~~~
gpvos
Have there been reports of Wine-aware malware already? (If not, the next
generation probably will, though.)
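
An added example, not part of the original thread: a small audit of the mappings discussed above, listing every symlink in a Wine prefix (the `dosdevices` drive letters and the per-user folder links) that resolves outside the prefix. The `dosdevices`/`drive_c` layout and the `~/.wine` default are assumptions about a typical prefix, and the sample prefix is constructed.

```python
import os

def escaping_links(prefix):
    """Return sorted (link, target) pairs for symlinks inside a Wine prefix
    whose resolved target lies outside the prefix directory."""
    root = os.path.realpath(prefix)
    found = []
    # os.walk does not follow symlinks by default, so a z: -> / link is
    # reported here but never descended into.
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            target = os.path.realpath(path)
            # A target is "inside" only if the prefix is its path ancestor.
            if os.path.commonpath([root, target]) != root:
                found.append((os.path.relpath(path, root), target))
    return sorted(found)

def build_sample_prefix(base):
    """Constructed sample imitating a default prefix layout (assumption):
    c: stays inside the prefix, z: and Desktop point outside it."""
    prefix = os.path.join(base, "prefix")
    home = os.path.join(base, "home")
    os.makedirs(os.path.join(prefix, "dosdevices"))
    os.makedirs(os.path.join(prefix, "drive_c", "users", "me"))
    os.makedirs(os.path.join(home, "Desktop"))
    os.symlink("../drive_c", os.path.join(prefix, "dosdevices", "c:"))
    os.symlink("/", os.path.join(prefix, "dosdevices", "z:"))
    os.symlink(os.path.join(home, "Desktop"),
               os.path.join(prefix, "drive_c", "users", "me", "Desktop"))
    return prefix, home

if __name__ == "__main__":
    # Audit the real prefix: WINEPREFIX if set, otherwise ~/.wine.
    prefix = os.environ.get("WINEPREFIX", os.path.expanduser("~/.wine"))
    for link, target in escaping_links(prefix):
        print(f"{link} -> {target}")
```

An empty result only means no drive or folder mapping leaves the prefix; it is not isolation in itself, so the separate user or SELinux/AppArmor confinement suggested elsewhere in the thread still applies.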

------
kabes
So I could run this in Wine on top of windows subsystem for linux and screw up
my host windows?

------
pietrasagh
Is there any way to isolate wine and limit write permissions to user files? I
only found this
https://askubuntu.com/questions/327223/how-to-isolate-wine#327259

~~~
mike-cardwell
Same way you isolate any program on Linux. SELinux, AppArmor, or running as a
dedicated user.

[edit] I suppose there are containers nowadays too.

~~~
pmlnr
Containers still need apparmor/selinux to be secure; a container is just a
packaging method without those.

------
giis
I'd like to give it a try later today with Wine under Linux VM. Anyone know
the download link for wannacry?

I'll update the findings here :)

~~~
capitalF
[https://github.com/ytisf/theZoo/tree/master/malwares/Binarie...](https://github.com/ytisf/theZoo/tree/master/malwares/Binaries/Ransomware.WannaCry)

~~~
giis
thanks for the link, will check

~~~
giis
Someone already has a few findings:
[https://gist.github.com/rain-1/989428fa5504f378b993ee6efbc0b...](https://gist.github.com/rain-1/989428fa5504f378b993ee6efbc0b168)

------
ibic
WCry set up an example of how to let users screw themselves up easily.

------
red2awn
I uninstalled wine a few weeks ago :)

------
daxfohl
Weird. Is wine based off XP?

~~~
michaelmrose
wannacry isn't limited to windows xp

~~~
nthcolumn
if you know of a wcry windows xp infection let us know please.

