Cross-platform virus?

Daniel Carrera daniel.carrera at
Wed Apr 19 17:20:30 UTC 2006

Derek Broughton wrote:
> Lighten up!  You asked for an explanation, and this looks like a pretty good
> explanation to me.  Where you read between the lines and see ...

I'm not actually in a bad mood today.

As for an explanation, Eric doesn't actually have one (we've been 
talking off-list, he doesn't know any more than I do). If you read the 
email you'll see that he doesn't actually explain (or pretend to).

> I saw a fairly detailed description of how it _could_ work.

No, there is no description. The only relevant bit is

"it does run natively under both Windows and GNU/Linux and is able to
modify an executable from the one OS that'll run under the other"

This is not an explanation, or a description. It is a statement. This 
statement, I had already heard (I included it in my original post) and I 
also pointed out the problem with it: PE and ELF files have different 
magic numbers. So, if this program actually is a PE and an ELF at the 
same time (something that's not clear) how does it pull that off?

> Part (a) may need to run under Wine, but it can then modify part (b) to run
> under Linux.

Running under Wine is not the same as a binary that runs on both Linux 
and Windows. It sure is more plausible. But again, you don't know any 
more than I do. This is just a guess. I was hoping that someone here 
might know something.

> But it still needs to actually have the necessary privilege
> to modify an executable


> Alternatively, his post suggests that it
> isn't actually an executable in _either_ environment.

I didn't see that. From my off-list chat with Eric, I don't think he 
would know that (nothing "wrong" with that, I don't know either, that's 
why I ask).
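
Added example (not part of the original message): a small Python check of the magic-number point raised above. An ELF file must begin with \x7fELF at offset 0, while a PE file begins with MZ at offset 0 and carries PE\0\0 at the offset stored at 0x3C. The function names and sample byte strings are constructed for illustration.

```python
import struct

ELF_MAGIC = b"\x7fELF"        # first four bytes of every ELF file
MZ_MAGIC = b"MZ"              # DOS header magic at offset 0 of every PE file
PE_SIGNATURE = b"PE\x00\x00"  # located at the offset stored in e_lfanew (0x3C)


def classify(data: bytes) -> str:
    """Return 'elf', 'pe', 'mz-only' or 'unknown' from a file's leading bytes."""
    if data[:4] == ELF_MAGIC:
        return "elf"
    if data[:2] == MZ_MAGIC:
        # e_lfanew is a little-endian 32-bit offset at 0x3C in the DOS header
        if len(data) >= 0x40:
            (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
            if data[e_lfanew:e_lfanew + 4] == PE_SIGNATURE:
                return "pe"
        return "mz-only"  # DOS header present, no valid PE signature
    return "unknown"


def make_sample_elf() -> bytes:
    # Constructed sample: just the 16-byte e_ident (64-bit, little-endian)
    return ELF_MAGIC + bytes([2, 1, 1, 0]) + bytes(8)


def make_sample_pe() -> bytes:
    # Constructed sample: 64-byte DOS header with e_lfanew = 0x40,
    # followed directly by the PE signature
    header = bytearray(0x40)
    header[0:2] = MZ_MAGIC
    struct.pack_into("<I", header, 0x3C, 0x40)
    return bytes(header) + PE_SIGNATURE


if __name__ == "__main__":
    for name, blob in [("elf", make_sample_elf()), ("pe", make_sample_pe())]:
        print(name, "->", classify(blob))
```

Both formats claim offset 0 with different bytes, so a file's first bytes settle which of the two it can be; PE structures appended after an ELF header do not change the result.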

