[plug] Windows trojans, you can have them too!

Ryan ryan at is.as.geeky.as
Sun Apr 18 01:06:39 WST 2004

Howdy PLUG,

This has been mentioned before on here in passing, but it surprised me
still, so here goes anyway ...

I was just playing with Zope, which is irrelevant except for the fact
that I was scanning my local ports to find what port it had installed

I noticed something on port 8081:

tcp        0      0 localhost:tproxy        *:*                     LISTEN     9211/wine-pthread

The offending process:

ryan      9211  0.0  0.8 41096 2216 ?        S    Apr12   0:17 /usr/lib/wine/wine-pthread /tmp/cmb_243461.exe

That file in /tmp is no longer there btw.

Going to it in a web browser brings up scantily clad women touting 1902
phone numbers and access codes telling me to use Internet Explorer.  It
is only listening on localhost, so I port-forwarded it using ssh to
listen externally and looked at it with a Windows PC and IE.  Then it
started trying to download a bunch of stuff and generally be a typical
Windows menace.

So there you go, you can get Windows trojans installing themselves via
Mozilla/Firefox on a Linux box if you have Wine correctly set up :)

I never thought I had seen much success with Wine on my box, but
evidently I had it set up enough for a win32 executable to bind to
interfaces and the like.  As Wine progresses further, I hate to think
what other automated tasks it will let processes carry out on the
underlying OS.

.. back to upholding my newly propagated reputation as a pr0n fiend :P
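
An added example, not part of Ryan's post: a small triage script that automates the manual check described above by correlating netstat-style listener lines with ps-style process lines and flagging Wine-hosted executables that listen on TCP while running from a temp directory or after being removed from disk. The sample input is constructed from the output quoted in the post plus one invented sshd line; the function names and the temp-directory list are assumptions.

```python
import os

# Constructed sample: the two lines quoted in the post, plus an invented sshd entry.
NETSTAT = """\
tcp        0      0 localhost:tproxy        *:*                     LISTEN     9211/wine-pthread
tcp        0      0 *:ssh                   *:*                     LISTEN     412/sshd
"""
PS = """\
ryan      9211  0.0  0.8 41096 2216 ?        S    Apr12   0:17 /usr/lib/wine/wine-pthread /tmp/cmb_243461.exe
root       412  0.0  0.1  3500  900 ?        S    Apr10   0:01 /usr/sbin/sshd
"""
TEMP_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")  # assumed list of world-writable dirs


def listeners(netstat_text):
    """Map pid -> (local address, program name) for TCP sockets in LISTEN state."""
    out = {}
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) >= 7 and f[0].startswith("tcp") and f[5] == "LISTEN" and "/" in f[6]:
            pid, prog = f[6].split("/", 1)
            if pid.isdigit():
                out[int(pid)] = (f[3], prog)
    return out


def commands(ps_text):
    """Map pid -> full command line from `ps aux`-style rows (11th column onward)."""
    out = {}
    for line in ps_text.splitlines():
        f = line.split(None, 10)
        if len(f) == 11 and f[1].isdigit():
            out[int(f[1])] = f[10]
    return out


def find_wine_listeners(netstat_text, ps_text, exists=os.path.exists):
    """Flag Wine processes that listen on TCP; only Unix-style .exe paths are checked."""
    findings, cmds = [], commands(ps_text)
    for pid, (addr, prog) in sorted(listeners(netstat_text).items()):
        if not prog.startswith("wine"):
            continue
        for arg in cmds.get(pid, "").split()[1:]:
            if arg.startswith("/") and arg.lower().endswith(".exe"):
                reasons = ["runs from temp dir"] if arg.startswith(TEMP_DIRS) else []
                if not exists(arg):
                    reasons.append("file missing on disk")
                findings.append({"pid": pid, "listen": addr, "exe": arg, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for hit in find_wine_listeners(NETSTAT, PS):
        print(hit)
```

On a live system the same functions can be fed the text of `netstat -tlp` and `ps aux`; executable paths containing spaces are not handled by this simple split.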



