Phishing - Linux boxes are vulnerable

[Claude Jones]

"More interesting is that most of the compromised machines were not Windows
machines. "The vast majority of [the phishing sites] we saw were on
rootkit-ed Linux boxes, which was rather startling. We expected a
predominance of Microsoft boxes and that wasn't the case.""

http://tinyurl.com/36nfsm

The above comments were made at a MS sponsored conference. MicroSoft has a 
history of sponsoring stuff like this. Even if it was an exaggeration - I've 
never heard of a big problem with Linux boxes getting root-kitted - is it 
something happenning under the radar? I've read over and over that Linux is 
much more secure than it's big counterpart - what sorts of vulnerabilities 
are people opening up to allow Linux machines to be root-kitted? I am aware 
of the ssh problem, and have followed the discussions on locking down ssh for 
years, including the other thread that's running currently. What other sorts 
of things must people do to open themselves up to being rootkitted? This is 
the first time I've seen such a claim, and it took me by surprise...so, I'm 
asking. 
-- 
Claude Jones
Brunswick, MD, USA