Winux
Winux
Type File virus
Creator Benny/29A
Date Discovered 2001.03.27
Place of Origin Brno, Czech Republic
Source Language Assembly
Platform MS Windows, Linux
File Type(s) .exe, ELF
Infection Length 2,132 bytes

Winux, also known as Peelf or Lindose is a cross-platform virus that infects both windows Portable Executables as well as Linux ELF files. It comes from the Czech Republic, coded by Benny of the group 29A. Both the coder and group are known for producing innovative viruses and other code. It is the first of this kind, though technically not the first cross-OS virus ever. Macro viruses had been able to infect between Windows and Macintosh computers for years, and Mister Sandman created Esperanto in 1997, a virus that could infect across OS's and processors.

Table of Contents

Behavior

When Winux is executed on a Windows system, it searches for all .exe and ELF files in the current working directory and all subdirectories from there (a limit of 20 subdirectories deep). When it finds a Portable Executable file, it checks if the .reloc section is large enough to fit the virus. If it is, the virus overwrites it. In this case the file will not change in size, as a part of it is overwritten. When it finds an ELF file, it checks if there is a section of code as large as the virus or larger. If it finds one, the virus moves that section to the end of the file and places itself in the section's original location. When run from Linux, aside from the fact that it can only infect files in the current directory (none of the subdirectories), it follows the same infection routine. On neither OS does it check for extensions.

Winux contains strings in its code:

  Win32/Linux.Winux] multi-platform virus by Benny/29A
  This GNU program is covered by GPL

Effects

Winux was never released into the wild, but there was some speculation about the future of cross-platform infectors after the virus's existence was announced. The safety of Linux, particularly with regard to malware was called into question, even though viruses for Linux have existed since Staog's release almost five years earlier. However, cross-platform binary threats have never become a major threat and many researchers in the security field believed there was too much interest in this virus, innovative though it may have been.

Sources

Peter Ferrie. Symantec, W32.Peelf.2132. 2007.02.13

Benny. 29A Magazine, Win32/Linux.Winux. 2001.03

José Luis López. VSantivirus, Winux (Lindose). Winux. Un nuevo concepto. ¿Cuál es su verdadero peligro?. 2001.03.29

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-NonCommercial-ShareAlike 3.0 License