The latest MessageLabs Intelligence Report from Symantec Hosted Services is filled with interesting and useful information regarding the current state of malware and e-mail-borne threats as well as the trends over time. Of particular interest to me is the assertion in the report that "any given Linux machine is five times more likely to be sending spam than any given Windows machine."

I am generally one of the first to point out that the security risks associated with the Windows operating system are often exaggerated, or at least that the relative threat level is a function of market share, and that if Linux or Mac OS X had 90 percent market share those systems would be at least as vulnerable, and at least as targeted by malicious attack as Windows is now. That said, saying that Linux is five times more likely to distribute spam than Windows seemed like skewed math for the sake of sensationalism.

I checked with other malware security experts to gather some additional insight on the issue of Linux as a purveyor of spam. What I found was a consensus regarding the root cause behind the metrics, and ultimately that Linux may, in fact, be an inordinate source of spam messages.

Tyler Reguly, lead research engineer for nCircle, told me, "I actually find the report rather odd, and also question their methods for remote fingerprinting. If they were using passive fingerprinting on mail coming into their server, they wouldn't necessarily have an accurate fingerprint of the host sending the mail. They could instead be fingerprinting a mail server with an open relay, or an ISP 'smarthost'. They also acknowledged that much of the Linux-attributed spam could be coming from direct marketing emails... these would most likely be mailed out through a proper mail server (which is quite likely to be running Linux)."

The link for this article located at PC World is no longer available.