Software // Enterprise Applications
News
10/25/2004
01:59 PM
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Linux Users Spoofed By Bogus Security Alert

Unsuspecting Linux users were tricked into possibly downloading a virus.

Joining the ranks of Windows' users who have been victimized by spoofed security alerts, Linux users this weekend received bogus messages directing them to download updates that are in fact Trojan horses, Red Hat announced Saturday.

The E-mail, which carried the sender address of "security@redhat.com" and an initial subject head of "RedHat: Buffer Overflow in 'ls' and 'mkdir,'" instructs users to download and install a purported patch. In an advisory on its Web site, Red Hat warned that the "patch" is actually a Trojan designed to compromise systems.

"Official messages from the Red Hat security team are never sent unsolicited," said the company in its advisory, and "are always sent from the address 'secalert@redhat.com,' and are digitally signed."

After the initial spammed wave, said Finnish security firm F-Secure Corp., someone used phony information to register the domain "fedora-redhat.com," which is very close to "fedora.redhat.com," the official site of the Fedora Project, a free operating system supported by Red Hat.

The second spam run of Sunday directed recipients to fedora-redhat.com for the fix.

Early Monday, F-Secure noted that the supposed "patch" was no longer online. As of mid-morning Monday, the fedora-redhat.com site also was offline.

Windows users have been targeted several times with similar bogus security messages, most notably in 2003 when the Swen worm disguised itself as a patch attached to messages claiming to come from Microsoft.

This, however, is the first instance of the tactic applied to Linux users.

Comment  | 
Print  | 
More Insights
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Elite 100 - 2014
Our InformationWeek Elite 100 issue -- our 26th ranking of technology innovators -- shines a spotlight on businesses that are succeeding because of their digital strategies. We take a close at look at the top five companies in this year's ranking and the eight winners of our Business Innovation awards, and offer 20 great ideas that you can use in your company. We also provide a ranked list of our Elite 100 innovators.
Video
Slideshows
Twitter Feed
Audio Interviews
Archived Audio Interviews
GE is a leader in combining connected devices and advanced analytics in pursuit of practical goals like less downtime, lower operating costs, and higher throughput. At GIO Power & Water, CIO Jim Fowler is part of the team exploring how to apply these techniques to some of the world's essential infrastructure, from power plants to water treatment systems. Join us, and bring your questions, as we talk about what's ahead.