-1

I have a problem with a Ubuntu installation. I think I could be infected by the WannaCry virus.

I am quite good at not opening email attachments, so I don't think that is the particular attack vector, and I have done nothing recently to increase the attack surface area of my machine, so I wonder if it was exhibiting worm like behaviour and perhaps got in through a port.

A mate of mine says I should use Wireshark to look at the out going packets on UDP port 53 to DNS, see if I can identify what domain name it is trying to contact, and then check RIPE to see if the domain has already been registered, and if not, he says I should register it and set an IP address. He believes that causes the virus to terminate, kill itself and remove its persistence from HKEY/Local Machine Software/Run. Is he right?

I have read elsewhere that Wine effected, but I am not running Wine.

Can anyone give me any advice?

RISCyBusiness
  • 1

1 Answers1

3

If you don't have WINE installed, then you are immune to WannaCrypt. Simple as that.

Win32 executables simply cannot run on Linux unless some compatibility layer that provides the resources and translates the syscalls on-the-fly, such as WINE, is present.

Related Q&A on this site that you might wish to read: What is the "Wanna Cry" ransomware's possible impact on Linux users?

Also, WannaCrypt is not a virus. It is ransomware. By the way, the media has blown this particular outbreak way out of proportion.

You'reAGitForNotUsingGit
  • 14,969