I recently (re)stumbled upon this: Linux Trojan Goes Unnoticed For Almost A Year (Unreal IRCd)
Yes, I know that adding some random PPA/software from an untrusted source is asking for trouble (or worse). I never do that, but many do (many Linux blogs and tabloids promote adding PPAs for fancy apps, without warning that it may break your system or worse still, compromise your security.)
How can a trojan horse or a rogue application/script be detected and removed?
Best Answer
It's always a game of cat and mouse with detection software. New malware is created, scanners get updated to detect it. There's always a lag between the two. There are programs that use heuristics that watch what software is doing and attempt to catch unwanted activity but in my opinion it's not a perfect solution and uses resources.
My advice is simple, don't install software from sources you don't trust but if you are like me and can't avoid the temptation, put them in a virtual machine (ie virtualbox) and play with it until you're confident it won't either bork your system or do things you didn't want.
Again, not a perfect solution but for now, a virtual machine has the best chance of isolating your machine from unwanteds.