It's unfortunate that nearly all articles about Unix malware start by thrashing the same stupid straw man about "Linux users like to think that they are not vulnerable". Any operating system that permits the user to destroy his/her own system's security is "vulnerable" in that trivial and rather meaningless sense of the word, and Unix furnishes the rope to hang yourself, spare blocks and tackles, and a few rope factories and foundries in case you want to make more.
So, when has it ever not been the case that "they too should be careful"?
The .deb was "on gnome-look.org" in the technical sense that it was made available by its third-party author at some URL of the form http://gnome-look.org/CONTENT/content- files/[something].deb, but even a cursory look at the site should have revealed to any member of the public that the site maintainers do effectively zero quality control, that it's an automated "portal" where "Everyone can upload and download artwork, applications, documents and other files."
So, it should have been obvious that the downloaded file was from nobody in particular, for starters -- but then there's the fact that it's a .deb, which requires root/sudo to install, and inherently supports preinst/postinst scripts, run as root.
None of which in the least differs from Koen Vervloesem's point that "An incident like the WaterFall malware can only be avoided when users are trained not to trust third-party software blindly", which is well taken, but there's only so much that can be done to dissuade novice sysadmins from destroying their systems. If they're willing to install as the root user software from unknown parties on the Internet just so they can have "the newest screen savers, themes, and other software to spice up their desktop", the best you can do is gently point them to the CERT document on recovery from root compromise and say "Gosh, it hurts when you shoot at your own foot, doesn't it?"
Even with "more software than the official repositories have", if it's not alleged screensavers, it'll be alleged Internet poker games, alleged video codecs for porn, alleged "birthday cards", etc. -- or various and sundry add-on Web apps.
The only way out is to keep reminding users they're responsible for whom they trust and what processes they run, teach them not to aim that gun at their feet, and teach them how to recognise that type of foot wound and how it got there.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds