Security researchers at Sophos Labs have revealed that nearly 70 percent of all Linux honeypot infections are caused by a single virus. Perhaps even more shocking, all things considered, is the fact that the virus in question, Linux/Rst-B, is actually six years old now. So concerned is Sophos at this trend that it has now made a specific tool available just to detect whether this one virus is present on your Linux-based computer or server.
The fact that Linux servers are of great interest to the cyber-criminal fraternity should come as no surprise. These are likely to be machines running 24/7, and because the general (misplaced) perception is that Windows-based systems are inherently insecure and Linux ones the opposite, protection against malware attack is sadly lacking. The cold, harsh truth is that Linux systems are pretty much ideal for being compromised for use as a botnet controller, ironically more often than not being in control of a virtual army of infected Windows PCs.
"The number of malware programs in existence is around 350,000, and while only a very small number of these target Linux, it seems as though hackers are taking advantage of this false sense of security," said Carole Theriault, senior security consultant at Sophos.
Meanwhile, Billy McCourt, a SophosLabs UK researcher, wants your help to determine just how prominent these Linux-based botnet controllers are. To do this, he is asking anyone who is not running some kind of anti-virus solution on their Linux boxes to run the small, rudimentary Linux/Rst-B scanner and contact the labs with the results if they show that you have been infected. Billy asks that you scan your whole system, but if this isn't feasible then at least scan your /bin, /usr/bin, /tmp, /var/tmp, /sbin and /usr/sbin directories and send any infected files (in encrypted format) to rstb@sophos.com, where the labs will check whether they are infected hacking tools or just infected standard binaries.