The number of malicious programs that attacked Linux operating systems during 2005 was more than double the previous year's figure, according to new research.

In 2004, Kaspersky Lab recorded 422 attacks on Linux; a year later the company recorded 863 attacks.

Kaspersky Lab's 2005 "Nix Malware Evolution Report" provides an overview of the evolution of malware targeting platforms other than Windows and identifies trends on how malware for non-Windows platforms is likely to evolve. The information is based on statistics collected throughout 2005.

The study notes that, while Windows is currently the mainstream computing environment, there are a growing number of alternatives including Linux, FreeBSD and other flavors of Unix. Linux, with its wide variety of implementations, is identified as the "undoubted leader."

"End user machines are the main target for malware attacks. Trojan programs such as Trojan-Spy, Trojan-Downloader and Trojan-Dropper make up the majority of malicious programs for Win32. In contrast to this, most malicious programs targeting systems running Linux are backdoors. These programs provide remote malicious users with full access to the compromised machine, which can then be used as a launch pad for attacks on other machines," the report warned.

According to Kaspersky, as soon as a platform starts becoming more popular, viruses and other malicious programs for this platform will begin to appear. "Initially, such programs will be proof-of-concept; they are designed to show that it is possible to infect a machine in a particular way, and do not, as a rule, have a malicious payload. Firstly, information about a specific vulnerability in an operating system or an application will be made public. This information is then used to create exploits or backdoors which target the vulnerability," the security firm stated.

"Of course, software developers issue patches for known vulnerabilities, but this results in virus writers searching for new methods and weak spots to attack. Overall, malware gains momentum in a snowball like fashion. This is what is currently happening with Win32; although this has not yet happened with malware for other platforms, the key phrase here is almost certainly 'not yet'."