New Phishing Expedition Targets Red Hat/Fedora UsersOct 25, 2004, 02:30 (4 Talkback[s])
(Other stories by Brian Proffitt)
WEBINAR: On-demand Event
Replace Oracle with the NoSQL Engagement Database: Why and how leading companies are making the switch REGISTER >
By Brian Proffitt
It's not often that someone tries launching a trojan attack on Linux users, but earlier this weekend it appears that someone was trying to do just that to Red Hat and Fedora Core users.
An e-mail message was sent to several Red Hat users over the weekend, claiming to be from the RedHat [sic] Security Team. The note warned recipients to download and install a patch for fileutils-1.0.6, indicating that a vulnerability "could allow a remote attacker to execute arbitrary code with root privileges."
The note was seen in the wild earlier this weekend, but it is still being delivered. This reporter received the message as late as 6:55 PM EDT today. The message arrived five times, and were all delivered to my work account, which is not the account I use to register products.
The content of the note, complete with Red Hat logo, tries to tell a good tale, as seen below, but the spelling errors and the improper From address are clues of the note's false nature.
The domain fedora-redhat.com is part of a netblock owned by Yahoo, according to Netcraft.com. It is not an official Red Hat site.
The security team at Red Hat has already noted the existence of the fake warning, and has posted this message, dated October 23, at http://www.redhat.com/security/:
Red Hat and Fedora Core users are urged not to download or install the software highlighted in this ficticious message.
0 Talkback[s] (click to add your comment)