Botnets exploit Linux owners' ignorance

A lack of knowledge and awareness about how to use Linux mail servers could be contributing to the disproportionately large number of Linux machines being exploited to send spam, according to new Symantec Hosted Services research.

The firm's latest monthly MessageLabs Intelligence Report found that Linux-based computers are five times more likely to send spam than Windows PCs.

Mat Nisbet, a malware data analyst at Symantec Hosted Services, explained in a blog post yesterday that he decided to dig deeper into the potential causes.

"On investigating the originating IPs of a random selection of spam from Linux, I found that in most cases it came from a machine running an open-source mail transfer agent, such as Postfix or SendMail, that had been left open," he said.

"This suggests that one reason there is so much spam from Linux could be that many companies that have implemented their own mail servers, and are using open-source software to keep costs down, have not realised that leaving port 25 open to the internet also leaves them open to abuse."

Nisbet further explained that some botnets may be able to search specifically for machines that have port 25 left open.

"Anyone who wants to take advantage of the fact that Linux, and most of its software, is free, needs to be aware of how to set it up correctly so that it is secure," he said.

"Make sure that the systems are correctly set up to restrict access on port 25 to only authorised users, for example attached to the local network or through a virtual private network."