Less casual attacks, but why?
by Anton Chuvakin
Related link: http://www.honeynet.org/papers/trends/life-linux.pdf
People are used to an ever-increasing flow of attacks against Internet-exposed systems. Thus, the latest research from the Honeynet Project might come as a surprise to many (I certainly was surprised when I first noticed this trend in my honeynet, run as a part of the Project).
Linux systems are actually attacked much less now than 2-3 years ago. Not only are the systems attacked less, they also survive much longer even if no security safeguards are applied. It used to be unthinkable that an unpatched Red Hat box would sit there for 3 months, but now it happens fairly often. Obviously, default Linux installs are much more secure now, but this is only part of the picture...
Well, r00ting boxes usually serves a purpose; it's not an end in itself. What were r00ted machines used for before? If, as I suspect, the answer is spam zombies, then maybe the crackers have simply found that their needs are already well covered so that “acquisition” is no longer as pressing a need.
Up until last year (or so) most attacks were either targeted at a specific system in order to harm that system's owners or they were aimed at gaining bragging rights among peers in the cracker community.