Linux generals command Windows grunts in botnet battlefield

Linux servers infected with a mutating virus are commanding huge Windows botnets six years after the malware was discovered, according to security researchers.

The Linux.RST.B virus infects ELF (executable and linkable format) executable files in the working directory and in /bin. It can also create a back door by opening a socket and listening for a packet containing the attacker's origin and the command to be executed.

SophosLabs U.K. research director Billy McCourt said Linux boxes are valuable targets as botnet controllers because they typically remain online as servers.

"Linux computers are very valuable to hackers. A bot army, similar to real armies, needs a general and infantry, [and] Linux boxes are often used as servers, which means they have a high uptime, essential for a central control point," McCourt said.

"A Windows computer, on the other hand, is found at home or as a desktop machine in an office, and these computers are regularly switched off, [which] makes them less attractive as controllers, but ideal for infantry, or zombies," he said.

"We run various honeypots," McCourt said. "As you might also expect, our Windows honeypots are attacked more frequently than our Linux ones, but Linux malware is far more interesting."

