You do not need a rootkit to turn a linux box into a spam-bot... All it takes is one bad cgi/php page in a Web Hosting environment (100+ virtual sites) for a perl spam proxy to get launched from tmp on an unprotected port. Matt Wright has kept all the bad web developers in the business of poor web code for years.
I cannot tell you how many bad contact me web pages exist on the Internet with many of the worst being on Linux et al. Things like mod_security and PHP safe mode only mitigate certains cases. Its a pain plugging the holes of customer application code no matter how secure the operating system you are using to service them.
Slashdot Mirror
You do not need a rootkit to turn a linux box into a spam-bot... All it takes is one bad cgi/php page in a Web Hosting environment (100+ virtual sites) for a perl spam proxy to get launched from tmp on an unprotected port. Matt Wright has kept all the bad web developers in the business of poor web code for years.
I cannot tell you how many bad contact me web pages exist on the Internet with many of the worst being on Linux et al. Things like mod_security and PHP safe mode only mitigate certains cases. Its a pain plugging the holes of customer application code no matter how secure the operating system you are using to service them.