[fao_]

> I think the real answer is that relatively few people use GNU/Linux

95% of the server market, though. Which is a huge proportion of attack space. Why steal one sod's credit card numbers when you can steal 100s of them at the same time.

[jcranmer]

When you attack a server, you don't use a virus, you use a phish or something else to gain access to it to do your dirty bidding.

What people call "viruses" usually refer only to attacks that work by getting people to execute random crap on their computer with their privileges. Servers are set up and administered in a way such that it is far harder to get somebody to run the payload containing the virus in the first place, so viruses target machines that are administered by end users (which would include home computers and smartphones!). The 95% market share for servers is irrelevant since viruses don't target servers in the first place.

[geofft]

It occurs to me that malicious code that scans WordPress etc. sites for vulnerabilities, installs itself, and sends spam and propagates itself does match the general shape of a virus (even to the point where pattern-matching antivirus would genuinely be effective against it). We just for whatever reason tend not to refer to it as a "WordPress virus," but rather e.g. a "reverse shell" or a "botnet."

[Beldin]

I'd call that a worm, not a virus. The main distinction being that a worm propagates all by itself, while a virus requires some user action.

[ohithereyou]

>Servers are set up and administered in a way such that it is far harder to get somebody to run the payload containing the virus in the first place

So this is why the 'curl | bash' idiom feels like an anti-pattern to me...

[goatinaboat]

Right. Every time you read about a million credit cards being stolen it’s almost certainly from a Linux server, meanwhile the community is patting itself on the back because no viruses are targeting the tiny number of Linux desktop users...