Linux is a very tempting target for spammers and botnet owners. And there are millions of Linux boxes out there by now. But so far the only way they are really being compromised is through PHP web apps and poorly chosen passwords. Linux machines are being constantly bombarded with SSH brute-force attacks and funny URL requests. And as I manage my SSH access well and don’t run publicly accessible PHP apps, I don’t have problems.
- Between the MySQL on Windows worm a few years ago: http://dev.mysql.com/tech-resources/articles/security_alert.html
- and the Linux on MIPS router exploit from last year: http://blogs.zdnet.com/security/?p=2972
- and the Apache on FreeBSD worm: http://news.cnet.com/2100-1001-940585.html?tag=fd_top
- and the recent Linux router based botnet: http://www.computerworld.com/s/article/9159758/Chuck_Norris_botnet_karate_chops_routers_hard
They are clearly trying anything that is exploitable, including the very obscure software platforms. I just don’t buy the idea that they only go after Windows because it is the most common. That is just where the low-hanging fruit is and has the most exploits.
Software design has got to have something to do with it, and being forced to maintain decades of backwards compatibility and poor design decisions as part of holding onto their monopoly has got to complicate things for Microsoft.
I actually like reading about Linux-based appliances with poor security defaults being attacked. It really shoots down the whole idea that only Windows is targeted and that this is because it is the most popular. Notice that the primary way in which Linux systems are being attacked is misconfiguration or poor choice of password. Both are easily remedied issues. Actual exploitable implementation flaws are more rare than in Windows and actual design flaws rarer still.