As of late I have been playing Zangband, a rouge-like game in tty1. In between monster killing sessions, I switch back to tty7 to check slashdot/gAIM/eC/etc.

During one of these short breaks, I noticed that I had an e-mail. It could have been anything, from a scosug message to spam. I check, and find another one of these classics:
=========================================
Dear user of OwlManAtt.com gateway e-mail server,

Your e-mail account will be disabled because of improper using in next
three days, if you are still wishing to use it, please, resign your
account information.

For more information see the attached file.

For security purposes the attached file is password protected. Password is “81736″.

The Management,
The OwlManAtt.com team http://www.owlManAtt.com
=========================================

And attached to it is some zip file which can only contain a virus. (Come on, spoofed message, password protected zip file that prevents antivirus scanners from looking at the file, AND bad grammar? It can only be a virus!).

Being bored out of my mind and lacking anything to do at all, I unzip the file, knowing that it can only be a windows virus, and that I am in no danger at all. It has some stupid cryptic file name, and opening it in nano or a hex editor reveals nothing of interest.

So, I say to myself, what the hell? I’ve always wanted to see what would happen if a virus was run under WINE, and I didn’t have anything better to do.

$ su
Password:
# useradd -h /home/crapaccount crapaccount;mkdir /home/crapaccount
# cp /home/owlmanatt/.wine /home/crapaccount/;chmod;chown;bla bla bla

The only reason I created a seperate account to run the virus under was JUST IN CASE something went horribly wrong with WINE. The chance of the virus actually doing any damage under Linux is something like 1 to eighty-billion-googolplex, but I’m a tad paranoid.

So with the wine configs in place, I prepare for the moment of truth. What WOULD happen? Would it go after the fake_windows partition? Would it print a message? Would it just silently die?

No, of course not. I’d forgotten the CARDINAL RULE of using WINE: It does not work when you want it to.

crapaccount@bell:~/.wine/fake_windows$ wine ojvyteie.exe
err:module:MODULE_LoadLibraryExA Loading of native DLL C:WindowsSystemiphlpapi.dll failed, check this file ! (GetLastError 193)
err:module:PE_fixup_imports Module (file) iphlpapi.dll (which is needed by C:ojvyteie.exe) not found

Blarg. Useless crap. WINE can’t even run a virus properly.