Slashdot Mirror


Cracked Linux Boxes Used to Wield Windows Botnets

m-stone writes "Online auction house eBay recently did a threat assessment to better understand the forces ranging against them. The company is keeping the fine details under wraps, but the biggest source of danger for the company is apparently botnets. You're never going to guess who was running them. '[Dave Cullinane, eBay's chief information and security officer] noticed an unusual trend when taking down phishing sites. 'The vast majority of the threats we saw were rootkitted Linux boxes, which was rather startling. We expected Microsoft boxes,' he said. Rootkit software covers the tracks of the attackers and can be extremely difficult to detect. According to Cullinane, none of the Linux operators whose machines had been compromised were even aware they'd been infected. Because Linux is highly reliable and a great platform for running server software, Linux machines are desired by phishers, who set up fake websites, hoping to lure victims into disclosing their passwords.'"

2 of 309 comments

  1. helps to have a static IP address by dominux · Score: 1, Redundant

    Windows boxes in botnets are mostly going to be home computers on dynamic IP addresses. Linux boxes are more likely to have a static IP address, lots of bandwidth and they don't crash much or get turned off.

  2. As several people have pointed out by Master of Transhuman · Score: 0, Redundant

    1) these bot-net controlling Linux boxes probably were not hacked to root access level, but only Web server access level - which is not a problem with the OS.

    2) And if they were hacked to root access level, it was probably not a kernel hack but a service level hack based on an unpatched service and a lazy admin.

    Whereas when Windows gets hacked, it is USUALLY hacked at all sorts of levels - applications to services - ALL of which end up allowing arbitrary code with essentially "root" access (if not "system" access).

    THIS is why Windows is less secure than Linux.

    At the very least, THIS story does NOT prove that Linux is equally insecure to Windows AS AN OS.

    Get your facts straight.

    --
    Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!