Compromised web servers infected with Linux-based malware have been used to target visitors by spreading Windows malware, with up to 25,000 suspected cases in the past two years, researchers note.
Network operators and IT specialists have been advised to look out for select Linux malware to ensure they haven't been caught up in the Operation Windigo cybercrime effort. The server takeover campaign is still running up to 10,000 hacked servers, which are used to distribute malware, send spam, and infect users with sophisticated rootkit exploits.
"There are two kinds of victims here: Windows end-users visiting legitimate websites hosted on compromised servers, and Linux/Unix server operators whose servers were compromised through that large server-side credential stealing network," researchers note.
Four European research groups helped compile the information, as the cybercriminals behind these threats are clever and don't leave behind a big electronic signature for investigators to follow.