Bad Taste Attack Brings Windows Malware to Linux (Theoretically)

Written by Christopher Tozzi
July 27, 2017

Bad Taste, a newly discovered security vulnerability in some Linux systems, makes it possible to attack Linux desktop systems using Windows code and the Wine compatibility layer.

Windows and Linux are getting along better than ever — so much so that attackers can now use Windows installation scripts to drop malware onto Linux computers, one researcher has found.

Earlier this month, Nils Dagsson Moskopp reported a vulnerability that he named Bad Taste. It works like this:

Users of a Linux computer running the GNOME desktop environment download a file with the extension .msi. This file type is typically used to install software on Windows.
GNOME parses the MSI file because it wants to figure out what is inside and create a desktop icon for it.
Under certain conditions, GNOME will execute the file using Wine, a tool that makes it possible to run Windows programs on Linux. In the event that the file containers malicious code, the code will execute on the user's computer, even if the code is written for Windows.

Exploit Limitations

This does not spell the end of the world as we know it for Linux users. There are several important caveats worth bearing in mind:

This vulnerability was discovered by a security researcher, who promptly reported it to developers who could fix it. There's no evidence that this attack was ever used in the wild.
This affects only Linux systems with certain software configurations — namely, desktop systems based on GNOME that also have Wine installed. Most Linux servers don't have any of this software installed because it's only useful on desktop systems. Even among desktop Linux users, GNOME is only one of several popular desktop environment options. Plus, most Linux distributions don't install Wine by default.
The vulnerability is already fixed. Anyone running up-to-date Linux systems is not at risk.

The real-world effects of this vulnerability are thus very minimal.

Bringing Windows Exploits to Linux

Still, the attack is interesting because it highlights how an interest in making Linux-based environments compatible with Windows software can create new types of vulnerabilities for Linux users.

Today, Linux and Windows blend together more seamlessly than ever. You can run applications like Microsoft SQL Server on Linux. You can run a Linux subsystem on Windows. This all happens with Microsoft's blessing.

This Linux-Windows integration makes it tempting to use tools like Wine (which, for the record, was created long before Microsoft became so Linux-friendly) to integrate Windows programs seamlessly into Linux-based systems as a convenience for the user.

This integration comes at a cost. Merging Windows and Linux environments creates new potential attack vectors and security complications, as the Bad Taste vulnerability shows.