Simple Informations

Windows has always been considered a vulnerable OS to viruses, but not Linux. I haven’t heared about any virus for Linux except for some university project somewhere. So do not expect me to discover a new virus for Linux. This is much more interesting, actually.

The virus I found, running, on Linux (Ubuntu to be specific) was actually a Windows virus. Some of you might already have figured out the culprit here. So how did the Windows virus manage to run on Linux which doesn’t even support any Windows specific file.

A windows virus running in Linux (Ubuntu)

Wine is a software application which allows Unix like OSes to run programs written for Windows. So if you set the default assocaiation for exe files to Wine in Linux, you can just double click on exe files and run them just like you do in Windows. So if this is right then you can get infected with almost any Windows Virus in Linux.. although the consequences may not be much important.

[Screen Shot soon]

Any Virus using AutoPlay can infect by this method. So if the virus is running after you inserted a USB drive it will copy itself to any external storage device automatically. So virtually you get your USB drive infected with virus from a LINUX system. To prevent this from happeneing do not set the default association for exe file to Wine. Just leave it in the Open with list and chose it when you need to run an exe file.

The removal and detection could be understood from the screen shot provided. Click on the screen shot for a bigger one with more details.

One of the main reasons of rapid spreading of viruses is due to the presence of Autoplay in Windows. Autoplay feature was originally introduced to enhance user experience. An easy way for a virus to enters a PC is through exploiting this option. You can see Autoplay in action when a driver CD of you Motherboard or a Printer start its installation process as soon as you inserts it. Here let us look at how Autorun can be added to a drive (CD, USB, HSS etc..) and make it Windows open a program automatically when you puts it in or double clicks it.

Adding Autoplay to any drive is as easy as creating a text file and typing some commands into it. Have a look at the Autorun.inf file (this makes Windows run programs automatically from CDs) of the Microsoft Office 2007 CD.

The Right Click menu has been modified according to the entries in the autorun.inf file. The file need to be saved with the name Autorun.inf  The bad part is that autoplay can be added to any drive. And a virus can create an autorun file in a USB drive inserted into an infected system. It then makes the autorun file such that not only does the autoplay option open an infected file but the Open and Explore commands in the right click menu will also do the same.

This is the Screen shot of an Autorun.inf file created by the virus Infostealer.Wowcraft.D virus

It will automatically install itself with out you ever knowing, if autoplay is enabled. You might have figured out how easy a virus can infect a Windows based system.

Prevention :

As they say prvention is better than cure. Here are some steps you can take to prevent infection of viruses due to Autoplay.

1. Disable autoplay (more baout this on next post in this series)

2. Always Open a CD or Pen Drive (USB stick) by using the pull down menu of your address bar. You can also type the drive letter followed by a “ : “  eg. D: in the address bar or Run box and press enter.

More about disabling autoplay will be posted in the next post.

Viruses are a constant threat to any computer system. It is more to the Windows based PC don’t mean that viruses doesn’t exist for other operating systems. If something is coded by a human then a virus can be created for it by another one. It is a universal truth. I remember an an article in Digit magazine about a MAC server put up by someone and challenged the world to hack it. It was hacked within 8 hours. So no system is hacker proof actually. There are test viruses for Linux based phones also.

Why do Virus writers always prefer Windows.

For one it is the most popular Operating System. Another thing is that there are many virus creation tools for Windows. And there are many Windows users who don’t update Windows so an old hole will always be there that has not been mended. Add to this some foolish features in the name of User friendliness and you can easily figure out why there are so many Viruses for Windows.

Since Viruses are so widespread the next best thing to do is to safeguard your computer against infection. And that is exactly the reason I am writing this series of posts on Viruses. In this posts I will try to tell you how you can prevent an infection or recover your system after the infection. Please read all the posts in this series to get a full understanding. I will give you the list of Viruses that I have met with and will show you how to remove them and also how to prevent viruses from spreading.