I've seen discussion of this on a few sites, but none of them explain how this is Linux related. It appears they find vulnerable installations of JBoss and PHP applications to gain access, but there are no details around persistence. i.e. They cover the C&C aspect, but not the root attack vectors and persistence.<p>Does anyone have a link to the Linux rootkit aspect?