[conspire] Write Once, Exploit Everywhere

Rick Moen rick at linuxmafia.com
Tue Aug 28 12:51:15 PDT 2012


Quoting Adrien Lamothe (alamozzz at yahoo.com):

> "FWIW, the current exploit is focussed solely on Win32 boxes
> 
> because its payload is delivered as a Microsoft exe file.
> http://blog.fireeye.com/research/2012/08/zero-day-season-is-not-over-yet.html"
> 
> 
> Perhaps having Wine or DOSbox installed would allow that .exe file to
> run? (I'm not going to test it.)

I was bearing in mind that possibility when I cagily said 'Win32 box'.  ;->

In the past, WINE has proved only very poorly able to be sufficiently
bug-compatible with contemporaneous versions of MS-Windows to enable the
malware du jour to run and propagate.  E.g.:

http://web.archive.org/web/20080403005725/http://www.linux.com/articles/42031
(No relation, by the way, though I've met Matt Moen.)

I expect the same is true of DOSBox.





More information about the conspire mailing list