It's a ssh problem.
See http://thehackernews.com/2014/03/operation-windigo-linux-malware.html

Quote from: http

No vulnerabilities were exploited on the Linux servers; only stolen credentials were leveraged. We conclude that password-authentication on servers should be a thing of the past

I got the impression that the only way the malware was installed was by obtaining passwords.

Well, That makes the Windows bashers into scaremongerers then.... trying to convince Microsoft users that Linux is "safe"...    not so safe as made out to be...

Windows server is equally hackable if not configured properly.
Could say exactly the same for OSX, FreeBSD and most other Operating systems.
Linux like any other operating system contains Bugs and sometimes these can be exploited, Providing things are patched in a timely fashion and good security practice is adhered to there would be a vast reduction in the amount of these "Hacks" that are successful.
Sticking a box online that hasn't seen a secuirty patch for 2 years and leaving the password as "password" or something equally guessable is just asking for it...
That said the bigger problem with linux is when it's used in embedded devices and then the manufacturer can't ever be bothered to update their firmware such is the problem with quite a few SoHO routers.
Or devices where they weren't designed with security in mind like SmartTV's.etc and again the manufacturer doesn't bother to fix the vulnerabilities and because it's been messed around with and is generally had proprietary binary Blobs you're stuffed.

Or just never changing your password for years and years is a security hole.

Quote from: vilefoxdemonofdoom

Or just never changing your password for years and years is a security hole.

Only if it gets compromised,
I could argue that changing your password frequently is equally a security hole as you are then likely not to remember it and then need to write it down... 
Firewalling management interfaces as much as possible alongside secure passwords helps but in most cases if the attacker is good enough and wants to get in they'll probably find a way.

If your server passphrase is short enough for you to easily remember, you are asking for trouble.

Quote from: vilefoxdemonofdoom

If your server passphrase is short enough for you to easily remember, you are asking for trouble.

That depends on how often you have to enter it and how good your memory is