A couple of weeks back Symantec’s MessageLabs division came up with some stats on the disproportionate amount of spam coming from Linux servers, measured using packet analysis capable of identifying the sending OS.
Let’s put this in perspective. Almost 93 percent came from Windows machines, leaving the rest to be divided among a range of Unix systems, including Linux at just over 5 percent. Linux, they noted, has a 1 percent market share, so the apparently high number deserved an explanation.
There are various views on why the company’s fingerprinting would detect Linux so often, including the high use of Linux among ISPs handling email traffic. Now, however, MessageLabs has come up with more detail on its initial finding and it offers a few clues to a larger explanation.
Most spam comes from botnets, but these appear to have a much lower grip in the Linux world, accounting for only 36 percent of Linux spam. According to new stats from MessageLabs, the Bobax and Rustock botnets account for most of this. Most Linux-sent spam is in English (and pushes exactly the same things as does any spam, namely pharmaceutical delicacies) but an unexpectedly high percentage is in Portuguese.
Either way, a random analysis of machines sending this spam found that many are Postfix or Sendmail relays left open to port 25 traffic. MessageLabs does agree that, overall, ISP Linux use probably skews the figures, but also reckons that many Linux servers are being run by less than competent SMEs trying to save money by using open source software.
If one accepts this, it confirms that the image of Linux being used by some of the Internet’s best techies - and some of its worst - might not be far off the mark.
Any SMEs, especially those based in countries such as Portugal, please take note. Running your own email server does not absolve you of the responsibility to restrict port 25 to the local LAN.
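An administrator can check a Postfix server for the open-relay condition described above by reading its own configuration. The script below is an added example, not code from the article or from MessageLabs. It assumes input in the `name = value` form printed by `postconf -n`, treats loopback and the RFC 1918 ranges as "local", and uses constructed sample configurations.

```python
import ipaddress

# Assumption: "local" means loopback plus the RFC 1918 private ranges.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "::1/128")]
GUARDS = {"reject_unauth_destination", "defer_unauth_destination"}
RELAY_LISTS = ("smtpd_relay_restrictions", "smtpd_recipient_restrictions")

def parse_postconf(text):
    """Parse 'name = value' lines, as printed by `postconf -n`, into a dict."""
    pairs = (l.partition("=") for l in text.splitlines() if "=" in l)
    return {name.strip(): value.strip() for name, _, value in pairs}

def tokens(value):
    """Split a comma- and/or space-separated Postfix list."""
    return value.replace(",", " ").split()

def is_local(entry):
    """True if a mynetworks CIDR entry lies inside one of LOCAL_NETS."""
    cidr = entry.replace("[", "").replace("]", "")  # IPv6 is written [addr]/len
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.version == l.version and net.subnet_of(l) for l in LOCAL_NETS)

def guarded(value):
    """True if a relay guard is reached before an unconditional 'permit'."""
    for tok in tokens(value):
        if tok in GUARDS or tok == "permit":
            return tok in GUARDS
    return False

def audit(text):
    """Return findings for settings that can let outside hosts relay mail."""
    conf, findings = parse_postconf(text), []
    for entry in tokens(conf.get("mynetworks", "")):
        try:
            if not is_local(entry):
                findings.append(f"mynetworks trusts non-local network {entry}")
        except ValueError:  # table lookups, file names, '!' exclusions
            findings.append(f"mynetworks entry {entry} needs manual review")
    # Only explicitly set lists are judged; built-in defaults are not modelled.
    explicit = [conf[k] for k in RELAY_LISTS if k in conf]
    if explicit and not any(guarded(v) for v in explicit):
        findings.append("no reject_unauth_destination before 'permit'")
    return findings

# Constructed sample configurations (not taken from any real server).
OPEN = """mynetworks = 127.0.0.0/8 0.0.0.0/0
smtpd_recipient_restrictions = permit_mynetworks, permit"""
CLOSED = """mynetworks = 127.0.0.0/8, 192.168.1.0/24, [::1]/128
smtpd_relay_restrictions = permit_mynetworks, reject_unauth_destination"""
```

The check is a heuristic over static configuration: access tables and policy services can still permit relaying and need separate review.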