Rootkit software covers the tracks of the attackers and can be extremely difficult to detect. According to Cullinane, none of the Linux operators whose machines had been compromised were even aware they'd been infected.
Although Linux has long been considered more secure than Windows, many of the programs that run on top of Linux have known security vulnerabilities, and if an attacker were to exploit an unpatched bug on a misconfigured system, he could seize control of the machine.
Because Linux is highly reliable and a great platform for running server software, Linux machines are desired by phishers, who set up fake Web sites, hoping to lure victims into disclosing their passwords.
He also noticed that the grammer and speling on phishing e-mails is improving. Maybe No Child Left Behind is working after all.