Of course the obvious question was asked (by P. Christeas), “Does SoBig.F run under wine? If yes, how bad can it get? “
Marcus Meissner tried running it and reported that it crashed. Sylvain Petreolle wondered how long it would take for virus writers to begin complaining their code didn’t work under Wine. Shachar Shemesh warned against using Wine as a sandbox for testing such things:
We’ve been through this discussion before too. Wine is not a VM, and the isolation between Win32 and Unix code is the result of application’s ignorance, rather than a deliberate design decision. As such, it is highly NOT recommended for cases where hostile code of unknown qualities is tested.
For all you know, sobig may be checking whether it is runnning on wine, and then issuing the correct interrupts (static linking dlopen) and infecting your Unix system.
Yuck.