I forget who, but some wiseguy stuck a link to a site (www.vivilan.cn - not linkified so Google doesn't mark me as evil) on his Facebook wall, which reminded me of one reason I love Firefox (and Linux): security!

See, the site is actually a redirect to another site, which is a redirect to another site which tries to show you a fake Windows interface telling you your computer has several viruses and a ton of trojans, and offering a free download to clean them. Clicking on them gives you a nice program called "Windows Police Pro", which is a... virus.

But let's take it slowly. If you're using Firefox, you can actually click on the link safely, since all you get is this:

.. figure:: http://blog.opensourcenerd.com/upload/reported-attack-site

Nope, can't go there. Useful.

But after you tell Firefox "it's okay, it's my fault if I die", and it loads the site and redirects, you get it again:

.. figure:: http://blog.opensourcenerd.com/upload/reported-attack-site

No!

And, after getting past that too, again to download the file:

.. figure:: http://blog.opensourcenerd.com/upload/reported-attack-site

I said no, dammit, NO!

So I downloaded it. And ran it in Wine_. And... well, it turns out Wine emulates Windows well enough to get infected by a Windows virus. Sort of, at least. I still got this:

.. _Wine: http://www.winehq.org/

.. figure:: http://blog.opensourcenerd.com/upload/virus-install-fail

This virus poses as an antivirus program, and "installs" itself all over your hard drive, including putting stuff like fake ``explorer.exe`` and ``svhost.exe`` in your System32 directory. It then runs fake scans, and tells you your computer is borked, and offers to "sell" you the "full" version that will "fix" your computer. The "no thanks" option literally reads "Don't buy and let send my credit card info to a remote server." Yeah, as if it itself won't do the same thing if it touches your credit card info.

.. figure:: http://blog.opensourcenerd.com/upload/windows-police-pro

I'm pretty sure there is no ``C:\windows\system32\winebrowser.exe`` file in Windows.

It even went and added itself into the taskbar (which Wine nicely integrated with my Gnome notifications), and added reminders from time to time (read: every 2 minutes) that you're using the unregistered version. Plus, there was no way to stop it. Well, not from within Windows/Wine, but I have other plans:

.. figure:: http://blog.opensourcenerd.com/upload/virus-got-pwned

Own3d.

That may not be the end of it. To stop it completely, I had to kill Wine. If it managed to infect the Wine registry well enough that it's run automatically, I will have to go into the Wine registry to remove it manually. Or I could run a couple of simple commands:

.. sourcecode:: sh

   # Purge the wine package, then install it again
   sudo aptitude purge wine; sudo aptitude install wine;

That's it!

Plus, remember that Firefox tried to stop me *3* times before I even saw the file. In the case of a Linux-targeted virus, it would probably do just the same. If I downloaded it, I would then have to go run it manually (unless it's a .sh, in which case I may be able to just run it). To do the same amount of harm, it would then ask me for the administrator password, not just a repetitive "Allow/Deny" box that I just instinctively click Allow on. It would *then* proceed to do its evilnesses, but with one difference: I can still kill it just as easily.

A virus run in Wine is akin to taking a ferocious tiger out of the jungle, paralyzing it, then hooking up all of its nerve endings to a virtual jungle simulator. It's not a perfect simulation, though, so the jungle maybe doesn't look right, and plus there's an omnipotent power that can change anything that goes on in the simulation, or even destroy it and the tiger's consciousness with a few twitches of his fingers.

Now *that's* power.

.. figure:: http://blog.opensourcenerd.com/upload/power-nap-cat