Nothing more than standard botnet architectures

Feb 14, 2008 14:41 GMT

The lack of a silver bullet security solution is axiomatic when it comes to delivering user protection. Security is nothing more than a constant race, with software developers laboring to catch up with the threat environment. And despite the promise of malware safe havens such as Mac OS X and Linux in comparison to Windows, the fact of the matter is that all code is vulnerable to attacks, exploits, bugs, flaws, etc. The threat environment does not spare any platform; it merely assigns different platforms to different roles in an attack.

An illustrative example, in this context, is one tactic emphasized by security outfit Sophos. According to Billy McCourt, with the SophosLabs UK, compromised Linux operating systems go hand in hand with infected Windows platforms. Case in point: the botnet exemplified in the image included toward the bottom of this article. Essentially, compromised Linux computers, usually server machines, are used by a botnet master to manage the infected Windows zombies.

"Linux computers are very valuable to hackers. A bot army, similar to real armies, needs a general (controller) and infantry (zombies). Linux boxes are often used as servers, which means they have a high up-time - essential for a central control point. A Windows computer, on the other hand, is found at home or as a desktop machine in an office, and these computers are regularly switched off. This makes them less attractive as controllers, but ideal for infantry, or zombies," McCourt stated.

In this context, one particular piece of Linux malicious code is making the rounds. Labeled by Sophos as Linux/Rst-B, the Unix virus has been around for over six years, and yet malicious tools infected with it are still in circulation.

"A few of us in the Sophos labs are researching how prominent Linux based botnet controllers are and would appreciate your help. If you don't run anti-virus on your Linux boxes, we would like to invite you to run a tiny rudimentary scanner we have developed whose sole job is to look for Linux/Rst-B infections. Note that running this tool will not help you if you are infected with any other malware, so we strongly encourage you to consider running an up-to-date antivirus scan to ascertain the real health of your system. If you find any Linux/Rst-B infections it could mean you have been compromised and are part of the botnet problem," McCourt added.