FANDOM


Winux, also known as Peelf or Lindose is a cross-platform virus that infects both windows Portable Executables as well as Linux ELF files. It comes from the Czech Republic, coded by Benny of the group 29A.

Behavior

When Winux is executed on a Windows system, it searches for all .exe and ELF files in the current working directory and all subdirectories from there (a limit of 20 subdirectories deep). When it finds a Portable Executable file, it checks if the .reloc section is large enough to fit the virus. If it is, the virus overwrites it. In this case the file will not change in size, as a part of it is overwritten. When it finds an ELF file, it checks if there is a section of code as large as the virus or larger.

If it finds one, the virus moves that section to the end of the file and places itself in the section's original location. When run from Linux, aside from the fact that it can only infect files in the current directory (none of the subdirectories), it follows the same infection routine. On neither OS does it check for extensions.

Winux contains strings in its code:

  Win32/Linux.Winux] multi-platform virus by Benny/29A
  This GNU program is covered by GPL

Effects

Winux was never released into the wild, but there was some speculation about the future of cross-platform infectors after the virus's existence was announced. The safety of Linux, particularly with regard to malware was called into question, even though viruses for Linux have existed since Staog's release almost five years earlier. However, cross-platform binary threats have never become a major threat and many researchers in the security field believed there was too much interest in this virus, innovative though it may have been.

Community content is available under CC-BY-SA unless otherwise noted.