After mis-interpreting this question's meaning, I'm wondering if rootkits and other malicious programs could be effective if the user does not have root permissions.
Rootkits usually trick users with root permissions to give a virus or another malicious program root permissions, therefore enabling them to do pretty much anything. If one of these programs encountered a non-root user, could it be effective?
What you must know
Linux is not immune to advanced malware, like rootkits and trojan horses, and to Zero Day exploits.
On any generic Linux distribution a rootkit can use social engineering to steal the root password; it can also use a memory exploit if the system is not up-to-date and execute a shell script as administrator without user interaction and without visible effects.
- On Ubuntu, where sudo is often installed but not correctly configured, malware just needs the password of the current user to execute administrative actions and infect the system.
- If you have setuid executables installed and they use an interpreter (like, for example, older versions of Nmap did), they can be used to circumvent the account barrier and execute administrative actions.
- Modern rootkits will try every possible way to obtain root access and load a new kernel module to gain total privileges and hide other infections.
How to protect yourself
Basic precautions
I've made a little todo list:
- gufw or another wrapper to configure the firewall and block unused ports for IN/OUT:TCP and IN/OUT:UDP.
- passwd to impose a minimum password length, because malware can brute-force weak passwords.
- After that, install and use tiger to check for security issues in your system.
Advanced precautions
These precautions will drastically improve your security, but they need regular maintenance after installing new software and are for advanced users:
- SELinux to protect the sensible configuration files; sudo alone offers limited guarantees of security against security experts. You should consult the official reference before using it, since it can limit the root access rights and lock you out if not configured correctly. It is a very advanced and powerful tool; experiment on a Virtual Machine before using it in production.
- Apparmor (installed by default on Ubuntu), which provides protection by limiting a program to a particular set of directories and guarantees a good protection even to non-technical users. To get started with it, you will need to install Apparmor "profiles" for some common programs. You may install them like so:
      sudo apt install apparmor-profiles apparmor-profiles-extra apparmor-utils
  and then enable them by running
      sudo aa-enforce /etc/apparmor.d/*
- Firejail is an easy-to-use sandbox that reduces the risk of security breaches by restricting the running environment of untrusted applications with multiple techniques. You can use it to isolate your web browser and obtain some extra protection against in-memory exploits.
All those precautions will increase the security of their respective areas of effect but decrease the performance of the whole system if the hardware is old. In fact, we often find them in enterprise servers, to protect the important (or public) network nodes.
Thank you to user311982 for the useful suggestions.
Even if Linux is more secure than the other systems, it does not mean that it is immune. My little guide is not exhaustive, feel free to comment under here if you have more questions.
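As an added example, not code from the answer above: a small POSIX shell audit script that checks two of the weak spots the answer lists, setuid executables that are not in a known-good baseline or that are interpreter scripts, and sudoers rules that grant every command without a password. The directory tree, baseline and sudoers file it builds under mktemp are constructed fixtures; for a real audit point the functions at / and /etc/sudoers (and the files in /etc/sudoers.d), running as root so find can read everything.

```shell
#!/bin/sh
# Added example (not the answer's own code): audit helpers for the weak spots the
# answer lists. Everything created under the mktemp directory is a constructed fixture.

# Sorted list of setuid regular files under directory $1.
list_setuid() {
    find "$1" -type f -perm -4000 2>/dev/null | LC_ALL=C sort
}

# Setuid files under $1 that do not appear in baseline file $2 (one absolute path per line).
# A baseline recorded while the system was known-good turns "new setuid binary" into a finding.
setuid_unexpected() {
    list_setuid "$1" | grep -vxF -f "$2" || true
}

# Setuid files under $1 whose content starts with "#!": programs that hand control to an
# interpreter, the pattern the answer warns about.
find_setuid_scripts() {
    list_setuid "$1" | while IFS= read -r f; do
        if [ "$(head -c 2 "$f" 2>/dev/null)" = '#!' ]; then
            printf '%s\n' "$f"
        fi
    done
}

# Uncommented lines of sudoers file $1 that allow every command without a password prompt.
sudoers_risky() {
    grep -vE '^[[:space:]]*#' "$1" | grep -E 'NOPASSWD:[[:space:]]*ALL([[:space:]]|$)' || true
}

# Constructed fixture: one expected setuid binary listed in the baseline, one setuid shell
# script that is not, one ordinary file, and a sudoers with a passwordless rule.
make_fixture() {
    d=$(mktemp -d)
    mkdir -p "$d/bin"
    printf '#!/bin/sh\necho hi\n' > "$d/bin/legacy-helper"
    printf 'binary' > "$d/bin/ping"
    printf 'plain' > "$d/bin/ls"
    chmod 4755 "$d/bin/legacy-helper" "$d/bin/ping"
    chmod 755 "$d/bin/ls"
    printf '%s\n' "$d/bin/ping" > "$d/baseline.txt"
    printf '# constructed sudoers\nroot ALL=(ALL:ALL) ALL\n%%sudo ALL=(ALL:ALL) ALL\nalice ALL=(ALL) NOPASSWD: ALL\n' > "$d/sudoers"
    printf '%s\n' "$d"
}

# Demo run against the fixture.
D=$(make_fixture)
echo "== setuid files not in baseline"; setuid_unexpected "$D/bin" "$D/baseline.txt"
echo "== setuid interpreter scripts";   find_setuid_scripts "$D/bin"
echo "== passwordless sudo rules";      sudoers_risky "$D/sudoers"
rm -rf "$D"
```

The baseline comparison is the useful part: a list of setuid files alone is noisy on any distribution, but a diff against the list you recorded at install time is short and every entry deserves an explanation. The sudoers check only catches the simplest passwordless rule; include files and aliases need the real parser (visudo -c and sudo -l).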
By definition, a rootkit is not a kit to obtain root privileges; rather, it is a kit to keep them once they've been obtained. Thus a rootkit in the strictest sense is useless without root permissions.
Of course, in real life, rootkits will likely come as part of a larger overall malicious package, generally fetched and deployed by a dropper, containing various exploits intended to get root privileges. One might colloquially refer to that whole package as "a rootkit" since the rootkit is the payload, and while this isn't a technically accurate way to refer to it, splitting those hairs won't keep your system safe. :)
If you're a normal user, you should be concerned with not introducing malicious software to the system. If you do get rooted, you're going to be completely helpless to do anything about it unless you have root privileges.
Nevertheless, having studied malware fairly extensively, my advice is that if you know a system has been in any way infected by malicious software (regardless of permission level), you should assume the entire thing is now malicious and kill it with fire, which is to say, wipe the hard drive and reinstall, preserving as little data as possible, and that having been scanned from a live OS using multiple anti-malware programs.
The only non-specialized case in which this wouldn't be the proper course of action is if you trust the malware not to do anything too malicious. But why would you trust malware not to be malicious? Sounds like a losing strategy to me.
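An added example, not part of the answer above: the advice to scan from a live OS rests on having something trustworthy to compare against, and the simplest such thing is a hash baseline of the filesystem recorded while the system was known-good. This POSIX shell script records such a baseline and reports files that were added, changed or removed since. The directory tree and the "tampering" it performs on it are constructed; file paths with spaces are not handled.

```shell
#!/bin/sh
# Added example (not from the answer): a minimal file-integrity baseline, the kind of
# check you run from a trusted live OS against a system you suspect. The fixture tree
# built under mktemp is constructed.

# SHA-256 of one file, using whichever tool is available.
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Emit "hash relative-path" for every regular file under $1 (paths must not contain spaces).
make_baseline() {
    find "$1" -type f | LC_ALL=C sort | while IFS= read -r f; do
        printf '%s %s\n' "$(hash_file "$f")" "${f#"$1/"}"
    done
}

# Compare the tree under $1 with baseline file $2; print ADDED/CHANGED/REMOVED lines, sorted.
verify_baseline() {
    make_baseline "$1" | awk -v base="$2" '
        BEGIN { while ((getline line < base) > 0) { split(line, p, " "); old[p[2]] = p[1] } }
        { seen[$2] = 1
          if (!($2 in old))        print "ADDED " $2
          else if (old[$2] != $1)  print "CHANGED " $2 }
        END { for (k in old) if (!(k in seen)) print "REMOVED " k }
    ' | LC_ALL=C sort
}

# Constructed fixture: take a baseline of a small tree, then simulate tampering.
make_fixture() {
    d=$(mktemp -d)
    mkdir -p "$d/tree/etc"
    printf 'root:x:0:0\n' > "$d/tree/etc/passwd"
    printf 'PermitRootLogin no\n' > "$d/tree/etc/sshd_config"
    make_baseline "$d/tree" > "$d/baseline.txt"      # recorded while known-good
    printf 'PermitRootLogin yes\n' > "$d/tree/etc/sshd_config"   # edited afterwards
    printf 'unexpected\n' > "$d/tree/etc/newfile"                # added afterwards
    rm "$d/tree/etc/passwd"                                      # removed afterwards
    printf '%s\n' "$d"
}

# Demo run against the fixture.
D=$(make_fixture)
echo "== differences against baseline"
verify_baseline "$D/tree" "$D/baseline.txt"
rm -rf "$D"
```

Store the baseline off the machine (on the live medium or a remote host): a baseline kept on the disk being checked is exactly what a rootkit with root privileges would rewrite. Tools such as AIDE and rkhunter do this job properly, with ownership, permissions and inode attributes as well as hashes; the script shows only the idea.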