As open source software becomes increasingly popular it is being targeted by virus writers and proving to be at least as vulnerable as Microsoft.

The virus-monitoring laboratory of Network Associates' Antivirus Emergency Response Team (Avert) has logged over 170 viruses and Trojans for Linux, as well as an additional 30 Unix shell scripts.

Of these, six or seven are active in the field at any one time - currently Ramen, Lion, BoxPoison, OSF, Scalper and its modification, Slapper.

The Slapper virus and its clones currently attacking Apache web servers are the most visible side of this move against open source, and the worm itself will be the development environment of choice for virus writers.

Slapper itself is losing steam, with only 2,500 infections for Slapper C compared to Slapper B's 19,200. But the source code is in wide circulation so more variants are on the way.

"People focus their attention on the flavour of the month but there is a longer term problem," said Mark Fisher, presales manager for Trend Micro.

"Linux use is growing 30 per cent year-on-year and while it hasn't been targeted as much, Linux is going to be targeted. Any application - open source or otherwise - will have weaknesses," he added.

Many businesses also run a Unix/Linux back office with a Microsoft mail or office application on the front end, making them doubly vulnerable, said Fisher.

X-Force, the US-based monitoring group of security software firm Internet Security Systems, has been tracking the number of security holes in software.

Last year the centre found 149 bugs in Microsoft software compared to 309 for Linux. This year the situation was worse, with 485 Linux bugs this year compared to Microsoft's 202.

"Considering we're not yet in the fourth quarter this rate indicates that 2002 will have twice as many Linux security bugs as 2001," said Chris Rouland, director of X-Force.

There are also increasing numbers of hybrid attacks: viruses using a variety of attacks and that can utilise a number of different operating systems. Nimda was the first major virus to do this.

Although predominantly aimed at Windows users, Nimda was able to spread to Solaris and AS/400 servers via tapeworm code that passed across with each share.

But Avert's Jack Clark said: "Almost every virus out there is blockable if you take the right precautions. Update your antivirus software, maintain a solid firewall and you should be safe."