Linux – WINE and Windows viruses


Might be a silly question, but I was wondering… WINE has permission to edit certain (profile) folders and allows Windows-based software to run under Linux. Could it also provide Windows viruses an environment to run? Like running Windows-based botnet connectors or spam senders, infecting other (WINE) programs or folders, etc.

UPDATE:
Furthermore, what could be the dangers to your Linux system that would allow such things to run?

Best Answer

It is possible.

I have recently been testing a few scenarios on Ubuntu on a virtual machine running trojans and similar. Due to the way WINE gets run, it is easy to see and kill the process, but it can run malware - even as services.

However, it is usually invisible to the end user as most target Internet Explorer or registry keys that simply do nothing.

Even with the above being said, I never looked far enough into the files to actually discover what they were doing - I am sure it was waiting for a command or similar.

The bad news is, without good Linux experience it is hard to remove. I tried uninstalling and reinstalling WINE, but the configuration and various stored files still remain - you have to do a complete manual delete of the WINE config and drive (located in '~/.wine'), and various other configuration scripts.

I know it was infected as whenever I restarted the machine after deliberately infecting, services.exe (I think it was called) and various WINE processes automatically started with the machine and took huge CPU time, whereas it never did anything like that in the past.
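An added example, not part of the original answer: a read-only audit that lists the autostart entries (Run/RunOnce values and service `ImagePath` values) stored in a Wine prefix, the kind of entry that would explain Windows processes coming back after a restart. It assumes Wine's text registry files `system.reg` and `user.reg` inside the prefix; the sample registry text and every name in it are constructed.

```python
import re
from pathlib import Path

# Assumption: Wine stores each prefix's registry as text, with keys written as
# "[Path\\With\\Doubled\\Backslashes] <timestamp>" followed by "name"="value" lines.
REG_FILES = ("system.reg", "user.reg")
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.I)
SERVICE_KEY = re.compile(r"^System\\CurrentControlSet\\Services\\[^\\]+$", re.I)
SECTION = re.compile(r"^\[(.+?)\](?:\s+\d+)?\s*$")
# String values; expandable strings carry a str(2): type prefix.
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(?:str\(\d\):)?"((?:[^"\\]|\\.)*)"\s*$')

def autostart_entries(text):
    """Return (key, name, command) for Run/RunOnce values and service ImagePaths."""
    found, key, wanted = [], None, None
    for line in text.splitlines():
        m = SECTION.match(line)
        if m:
            key = m.group(1).replace("\\\\", "\\")
            wanted = "run" if RUN_KEY.search(key) else "svc" if SERVICE_KEY.match(key) else None
            continue
        m = VALUE.match(line)
        if m and wanted:
            name, data = (s.replace("\\\\", "\\") for s in m.groups())
            if wanted == "run" or name.lower() == "imagepath":
                found.append((key, name, data))
    return found

def audit_prefix(prefix=Path.home() / ".wine"):
    """Collect autostart entries from every registry file present in the prefix."""
    entries = []
    for reg in REG_FILES:
        path = Path(prefix) / reg
        if path.is_file():
            entries += autostart_entries(path.read_text(errors="replace"))
    return entries

# Constructed sample, not taken from a real prefix.
SAMPLE = r'''WINE REGISTRY Version 2
[Software\\Microsoft\\Windows\\CurrentVersion\\Run] 1700000000
#time=1da0000000000000
"Updater"="C:\\users\\demo\\Temp\\updater.exe /silent"

[System\\CurrentControlSet\\Services\\DemoSvc] 1700000000
"DisplayName"="Demo Service"
"ImagePath"=str(2):"C:\\windows\\demo_svc.exe"
"Start"=dword:00000002
'''

if __name__ == "__main__":
    for key, name, command in audit_prefix():
        print(f"{key} :: {name} -> {command}")
```

A clean prefix already registers a number of Wine's own services, so compare the output against a freshly created prefix rather than treating every entry as suspicious.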
