Mat Nisbet, a malware data analyst at Symantec Hosted Services, explained in a blog post yesterday that he had decided to dig deeper into the potential causes.
"On investigating the originating IPs of a random selection of spam from Linux, I found that in most cases it came from a machine running an open-source mail transfer agent, such as Postfix or SendMail, that had been left open," he said.
"This suggests that one reason there is so much spam from Linux could be that many companies that have implemented their own mail servers, and are using open-source software to keep costs down, have not realised that leaving port 25 open to the internet also leaves them open to abuse."
Nisbet further explained that some botnets may be able to search specifically for machines that have port 25 left open.