[ubuntu-uk] Phishing and linux

[Mac]

Martyn wrote:
>> I'm not sure what to make of comments about phishing sites I came across
>> here
>>
>> http://www.theregister.com/2007/10/03/ebay_paypal_online_banking/
>>
>> as follows:
>>
>> "These things are incredibly sophisticated, and when they take over a
>> computer, most [users] don't know it," he said. "With every single
>> phishing site [Washington Mutual has] shutdown, not one person was aware
>> been aware that their machine was compromised and used for phishing.
>> That includes university servers and company servers and personal PCs
>> and all sorts of things."
>>
>> More interesting is that most of the compromised machines were not
>> Windows machines. "The vast majority of [the phishing sites] we saw were
>> on rootkit-ed Linux boxes, which was rather startling. We expected a
>> predominance of Microsoft boxes and that wasn't the case."
>>
>> Any thoughts?
> 
> You missed the next line off your quote:
> 
> "This pleased Microsoft's head of Silicon Valley PR, who served as a
> conference sponsor."
> 
> Hmmm....
> 

Yes, that does make one suspicious.  However, does the fact that M$ 
would be pleased with the outcome mean that it's not true that 'the vast 
majority of [the phishing sites] we saw were on rootkit-ed Linux boxes'?

Assuming they aren't just lying, it could be sampling error - perhaps 
their sample contained more Linux boxes than M$ boxes to start with.  Or 
it could be that there simply are more Linux machines in those parts of 
the internet that are more likely to be attacked (more accessible? more 
attractive?  I don't know enough about rootkits to have any idea why 
this might be).  Or it could be that Linux boxes are more susceptible to 
this kind of attack than we assumed (although, again, I don't know 
enough to guess why).  There may be other explanations.

I hope we can just assume this is FUD.  Does anyone more familiar with 
server security have anything consoling thoughts?

Mac