by choudanu4
3971 days ago
The security researcher who was interviewed was not able to garner how the malware gets in as that would require breaking into the infected systems, which he was not prepared to do (as it would be illegal). The entire podcast was simply statistics, with the occasional repeated reminder to update packages. The key takeaway was that Linux servers, when infected, are often used as attack vectors for distributing a further set of malware on Windows computers (which are the end target). The estimate from the podcast said that, of the compromised URLs that the researcher investigated, 80% ran some derivative of Linux (i.e. Apache server) and 20% were Windows (an insignificant [~.1%] were other OSs).
Another point the researcher claimed was that 20% of the "compromised" Linux URLs were actually infrastructure set up by exploiters themselves, rather than servers taken over forcibly.
A final point: the researcher noted that many (no definite statistic here) of the compromised Linux servers were running old versions of software (be it Apache or whatever). TL;DR: Linux servers (when compromised) are often used as attack vectors to distribute malware to Windows computers (which are the end targets).
>> "The security researcher who was interviewed was not able to garner how the malware gets in as that would require breaking into the infected systems, which he was not prepared to do (as it would be illegal)."
Not much of a security researcher if we aren't breaking into systems. My understanding of the term "security research" is that you hack into systems under safely quarantined experimental setups to provide specific knowledge of how, in order to improve future systems.