Munir Kotadia of ZDNet concludes that common antivirus scanners are being used as test-beds by virus writers to make sure that their new, uh, “products” are missed by them when they’re released.
Linux is still an unpopular platform for virus writers, I think mainly because the platform is so varied; under ’Doze, you only need to think about a few platforms, and they all run through a pretty much identical interface, which make virus creation relatively straightforward.
Under Linux, most platforms are x86-based, but you are also facing PowerPC as well as the 64-bitters and so forth, and might be pushing the interface through one of several interfaces (GNOME, KDE, etc) with varying levels of security (most distributions set their interface security differently by default, and may use different login managers etc) & the various techniques for doing sneaky things (which real applications practically never do) like invisible windows or movement may not work.
This would be why 80% of modern malware whistles past the scanner programs under 'Doze.
The obvious solution is to not run an environment where the malware feels “at home”. That would include Linux.
Speaking from practical experience, it works for my customers... total LAN meltdowns are very rare amongst them.