According to this:
http://www.symantec.com/connect/blog...n-cyber-attack
the malware resides on a windows box, and watches for anyone making ssh connections from the windows box to a linux box. Then if it can (if the ssh connection logged in as root) then it wipes the /kernel, /usr, /etc, and /home directories.
Conclusion - don't ssh from windows boxes into linux boxes as root, especially not using mRemote. It's the windows box that you can't trust. Actually, I thought I read somewhere else that it also forwards the ssh login credentials to a server somewhere on the internet (presumably for later use by the baddies). So even using non-root ssh from a windows box is not safe.
Edit:
Two afterthoughts:
Firstly, this malware is remarkably dumb. If it can hijack root ssh connections like that, it would be much smarter to drop proper malware such as a backdoor than to simply wipe the target machine.
Secondly, Ubuntu is more vulnerable than most other linux's in that even if the user doesn't log in as root, the same password that's used in the ssh credentials can probably be used again with sudo to gain root. Most other linux distros would require a different password to gain root, although the malware could still do keyboard logging to find it.
Bookmarks