Topic: Question would this happen if they used PcLinuxOs.

trevatxtal (The Home of Xtal)
Question would this happen if they used PcLinuxOs.
« on: March 20, 2013, 10:34:24 AM »
Question would this happen if they used PcLinuxOs.
This breaking news mentions .exe files as the culprit.
http://www.theregister.co.uk/2013/03/20/south_korea_cyberattack/
"We live in interesting times", an old Chinese curse.
Trevor
Link to .exe report
https://twitter.com/KOREATOWN/status/314301782098575361
More interesting reports
http://it.slashdot.org/story/13/03/20/1244217/possible-cyber-attack-against-south-korean-banks-and-tv-stations
« Last Edit: March 20, 2013, 10:59:30 AM by trevatxtal »

µT6
Re: Question would this happen if they used PcLinuxOs.
« Reply #1 on: March 20, 2013, 02:55:16 PM »
If they install Wine, those .exe files can be used and could possibly operate up to a certain point.

Without Wine, no; only with a miracle, sorcery or a one-in-a-billion happy accident, maybe.
"A question that sometimes drives me hazy: am I or are the others crazy?"

Albert Einstein

trevatxtal (The Home of Xtal)
Re: Question would this happen if they used PcLinuxOs.
« Reply #2 on: March 21, 2013, 02:07:01 AM »
"If they install Wine, those .exe files can be used and could possibly operate up to a certain point."
A very good point, worth considering.
It now produces another question: would the Linux kernel allow Wine to exit its area of operation to access the BIOS?
If so, then Wine and possibly VirtualBox are lurking time bombs for Linux.
I would appreciate answers from someone in the know.
Many thanks
Trev

kjpetrie (PCLinuxOS Tester)
Re: Question would this happen if they used PcLinuxOs.
« Reply #3 on: March 21, 2013, 06:42:15 AM »
Virtual machines cannot access the host's BIOS, only the virtual BIOS of the VM in question.

Wine has a daemon (controlled from the System -> Services area in PCC) which can wait for an .exe file to try to start and then run it. That exposes the computer to attack, though the process will run as a particular user and will only have that user's privileges. I don't know whether an .exe can start as root.

However, you don't need that daemon running to use Wine. You can start Wine when you need it, which means it will only run when you start it and feed it the path to the .exe to run. If an .exe tries to run without Wine it will only get as far as the Linux API will allow, which won't include accessing the rest of the machine, as all the libraries and paths will be different from what an .exe expects and it will crash at that point.

Wine is therefore safe as long as the Wine service is not set to start at boot and you ensure the desktop application launchers for anything that needs it call it specifically.
-----------
KJP
-----------------------------------------------------------
PClos64 RC1 on Intel D945GCLF2 motherboard (Atom 330), 2GB DDR2 RAM, Maxtor STM325031, HL-DT-ST DVDRAM GSA-H42N, Amilo LSL 3220T monitor. Also Acer 5810TG (with custom kernel) and Asus eeePC 2G surf
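The "daemon" kjpetrie refers to is a binfmt_misc registration: the Wine service tells the kernel that any file beginning with the MZ header (hex 4d5a at offset 0) should be handed to /usr/bin/wine, which then runs it with the privileges of whoever tried to execute it. The script below is an added example, not code posted in this thread and not part of PCLinuxOS or Wine; it parses binfmt_misc entries in the format the kernel exposes, reports any enabled handler for MZ files on the live host, and prints the root commands that disable (echo 0) or remove (echo -1) such an entry. It assumes a Linux host with binfmt_misc mounted at /proc/sys/fs/binfmt_misc; the entry names and the sample entries embedded in it are constructed.

```shell
#!/bin/sh
# Added example, not from the thread, PCLinuxOS or Wine.
# Checks whether the kernel is set to auto-run Windows .exe files via a
# binfmt_misc handler (what the Wine service registers).
# Assumptions: Linux, binfmt_misc at /proc/sys/fs/binfmt_misc; the sample
# entries and entry names below are constructed for illustration.

BINFMT_DIR=${BINFMT_DIR:-/proc/sys/fs/binfmt_misc}

# Classify one binfmt_misc entry, read from stdin in the kernel's format:
#   enabled|disabled / interpreter <path> / flags: / offset <n> / magic <hex>
# Prints "pe-handler <interpreter>" and returns 0 when the entry is enabled
# and matches "MZ" (4d5a) at offset 0, i.e. it will auto-run .exe files;
# prints "other" and returns 1 for anything else (disabled, other magic).
classify_entry() {
    enabled=0; magic=""; offset=0; interp=""
    while IFS= read -r line; do
        case "$line" in
            enabled)           enabled=1 ;;
            "interpreter "*)   interp=${line#interpreter } ;;
            "offset "*)        offset=${line#offset } ;;
            "magic "*)         magic=$(printf '%s' "${line#magic }" | tr 'A-Z' 'a-z') ;;
        esac
    done
    if [ "$enabled" = 1 ] && [ "$offset" = 0 ] && [ "$magic" = "4d5a" ]; then
        printf 'pe-handler %s\n' "$interp"
        return 0
    fi
    printf 'other\n'
    return 1
}

# Walk the binfmt_misc directory; returns 0 if an enabled .exe handler
# exists, 1 if none (or if binfmt_misc is not mounted at all).
scan_host() {
    found=1
    if [ ! -d "$BINFMT_DIR" ]; then
        echo "binfmt_misc not mounted: the kernel will not auto-run .exe files"
        return 1
    fi
    for entry in "$BINFMT_DIR"/*; do
        # "status" and "register" are control files, not handler entries
        case "${entry##*/}" in status|register) continue ;; esac
        [ -f "$entry" ] || continue
        if result=$(classify_entry < "$entry"); then
            echo "${entry##*/}: $result"
            echo "  disable until next boot (as root): echo 0 > $entry"
            echo "  remove the entry (as root):        echo -1 > $entry"
            found=0
        fi
    done
    [ "$found" = 0 ] || echo "no enabled .exe handler in $BINFMT_DIR"
    return $found
}

# Constructed sample entries in the format the kernel shows under /proc.
SAMPLE_WINE='enabled
interpreter /usr/bin/wine
flags:
offset 0
magic 4d5a'
SAMPLE_WINE_OFF='disabled
interpreter /usr/bin/wine
flags:
offset 0
magic 4d5a'
SAMPLE_JAVA='enabled
interpreter /usr/bin/jexec
flags:
offset 0
magic cafebabe'

# Classify the constructed entries, then look at the real host.
demo() {
    for s in "$SAMPLE_WINE" "$SAMPLE_WINE_OFF" "$SAMPLE_JAVA"; do
        printf '%s\n' "$s" | classify_entry || :
    done
}

demo
scan_host || :
```

Run it as an ordinary user; it only reads /proc. If it reports a pe-handler, double-clicking or running a downloaded .exe on that machine will start it under Wine as you, so the Wine service is the setting to turn off (System -> Services in PCC) if you want to run Wine only when you invoke it by hand.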

µT6
Re: Question would this happen if they used PcLinuxOs.
« Reply #4 on: March 21, 2013, 09:15:34 AM »
"It now produces another question: would the Linux kernel allow Wine to exit its area of operation to access the BIOS?"

AFAIK, Wine doesn't allow such .exe files to reach the BIOS. If I remember correctly, some time ago the idea of updating the BIOS using Wine with a Windows tool didn't give any result, but I could be confusing things.

A virus under Wine limits itself to doing the normal stuff: attacking files, renaming stuff, running weird things that kill CPU and RAM, and similar things. Of course, when you stop the Wine service and delete the virus, everything goes back to normal in Wine.
"A question that sometimes drives me hazy: am I or are the others crazy?"

Albert Einstein

trevatxtal (The Home of Xtal)
Re: Question would this happen if they used PcLinuxOs.
« Reply #5 on: March 21, 2013, 10:37:06 AM »
Many thanks kjpetrie and µT6.
That is a relief; I had the feeling it was safe, but things change.
But all the same I will be even more careful of .exe files that I acquire in future.
I have in the past tested downloaded free software in Wine.
I still use Windows for some old audio boards and genealogy software.
Thanks again
Trev

menotu (PCLinuxOS Tester)
Re: Question would this happen if they used PcLinuxOs.
« Reply #6 on: March 22, 2013, 06:48:52 AM »
South Korean banks and broadcasters took phish bait in cyberattack

Spam message posing as message from bank carried malware that wiped drives.

More details of the cyberattack on multiple banks and media companies in South Korea on Wednesday have emerged, suggesting that at least part of the attack was launched through a phishing campaign against employees of the companies. According to a report from Trend Micro's security lab, the "wiper" malware that struck at least six different companies was delivered disguised as a document in an e-mail.

The attachment was first noticed by e-mail scanners on March 18, the day before the attack was triggered. The e-mail was purportedly from a bank; Trend Micro's Deep Discovery threat scanning software recognized the message as coming from a host that had been used to distribute malware in the past.

arstechnica.
http://ars.to/16M9CSs
----------------------------

From Trend Micro, 21 Mar 2013
How Deep Discovery Protected Against The Korean MBR Wiper

We have continued to look into the MBR-wiping attacks that hit Korea earlier. We believe we now have a good picture of how the attack was conducted, why it caused so much damage, and how we were able to protect users using the threat discovery capabilities found in Trend Micro Deep Discovery.

On March 19, we saw the first indications of this attack, where South Korean organizations received a spam message that contained a malicious attachment. The message posed as coming from a bank. The attachment is actually a downloader, which downloaded 9 files from several different URLs. To hide the malicious routines, a fake website is shown.

It was at this stage that Deep Discovery was able to protect our customers by heuristically detecting the malicious attachment via ATSE (Advanced Threats Scan Engine). Deep Discovery executed the attachment in a sandbox, which was used to generate a list of URLs that was used to block these attacks right away. The URLs found at this stage were then blocked.

The combination of information provided by Deep Discovery and decisive actions by IT administrators was able to ensure our customers were protected in a timely manner. The screenshot below shows the appearance of the alerts:

http://blog.trendmicro.com/trendlabs-security-intelligence/how-deep-discovery-protected-against-the-korean-mbr-wiper/
PCLinuxOS 32bit KDE 4.10.1; kernel-3.4.11-pclos1.bfs & 64bit 3.2.18bfs; NVidia GeForce 8400GS 1GB 310.19 driver

Sony Vaio SVE1513A4ESI Laptop, Intel Core i5, 2.6GHz, 6GB RAM, 750GB, 15.6" Intel HD Graphics 4000

trevatxtal (The Home of Xtal)
Re: Question would this happen if they used PcLinuxOs.
« Reply #7 on: March 22, 2013, 09:56:40 AM »
Thank you menotu.
So the plot thickens: some wallies opened attachments in Windows without checking where the correspondence was from or what they were.
Something hopefully Linux users do not do.
Even if they did, Linux would indicate the attachments were executable, but what if the user then allowed them to be passed to Wine?
kjpetrie in a previous post said the BIOS, and I presume the master boot record, could not be got at.
It would be most interesting if tests were done on a controlled Linux install to see if copies of the rogue files could do anything nasty.
Trev