Slashdot Mirror


Beware 'Fedora-Redhat' Fake Security Alert

rixdaffy writes "I just received an email from the 'Redhat Security Team' telling me that I needed to download some tar file from fedora-redhat.com. Besides the fact that I don't use Red Hat/Fedora, I immediately smelled something fishy. Maybe it's not the first trojan targeted at Linux users, but together with the official sounding domain, it could trick some users into downloading and running the binary. It looks like Red Hat is already aware of the issue." According to Red Hat's page, "These emails tell users to download and run an update from a user's home directory. This fake update appears to contain malicious code." Update: 10/25 01:32 GMT by T : One borked link, unborked.

13 of 628 comments

  1. We knew this day would come by Orgazmus · · Score: 4, Insightful

    Adopting dumb users had to bring the ones exploiting the stupidity with them. Even though running as a non-admin should help against these things, there is no cure against security holes between the chair and the keyboard.

    --
    The system had the verbosity of HTML combined with all the readability of compiled assembly viewed as bitmap images
    1. Re:We knew this day would come by DissidentHere · · Score: 3, Insightful

      Why would anyone even bother trying this kind of cheap social engineering with Linux users at this point? What /. reader would actually fall for this shit? We all make fun of security through obscurity, but *nix users also tend to have security through intelligence.

      Here is where the real danger lies: getting Linux on the desktop and having your grandma fall for this type of tripe will give *nix a bad name. "Oh no, Linux is just as vulnerable as Windows." No, it's the users that are vulnerable, and the users that need to be educated. We all do what we can to lock down our boxen, but in the end it too often comes down to what's between the chair and the keyboard.

      --
      "None of us are as dumb as all of us." - meeting mantra
  2. About Time by Mr.+Arbusto · · Score: 4, Insightful

    It's phishing; it happens on every platform and requires the user to do something they think is in their best interest. Nothing new.

  3. wont work by Anonymous Coward · · Score: 3, Insightful

    Don't most Fedora people use yum to keep their systems up to date? I don't think many Fedora/Red Hat admins would fall for this.

  4. Real link? by chrispyman · · Score: 5, Insightful

    Why not just use the real link and slashdot their site into oblivion!

  5. Security only works when you know what to check by LostCluster · · Score: 3, Insightful

    Red Hat's reply to this issue is pretty straight-forward. They've already taken all of the steps to properly sign their real updates, and this should stand out as a fake because it lacks all of those digital signatures.

    However, what good is that against Joe User who falls for the bait and thinks the e-mail is authentic because they believe everything they read on their screen? They don't know to check for the "security seals", so they don't see any red flags indicating that this is bogus.

    Something in info security disconnects when dealing with average users. They don't know what to look for, and therefore the absence of those marks is not as alarming to them as it is to us... a little something that needs to be cleaned up before Linux is ready for desktop primetime.

  6. Re: text by Inf0phreak · · Score: 5, Insightful

    Why post the text instead of having the /. crowd flood their server to see what they've put up there? Potentially that could bring the server offline and cost them a bundle for a great two-sided effect (OK, the latter is not that cool if it's just some rooted box, but at least it would prevent anyone being affected if it was /.'ed to hell).

    --
    ________
    Entranced by anime since late summer 2001 and loving it ^_^
  7. Christ, they didn't do a very good job... by Nailer · · Score: 5, Insightful
    The domain name was a good start, but these kids will have a hard time fooling anyone since they've ignored most of the basics:

    • Most users who install security upgrades won't be running Red Hat 7.x.
    • Red Hat is two words. Both begin with capitals.
    • Red Hat use packages. Not hard guys.
    • Security updates are provided through up2date. If they were smart, they would have provided an up2date source to use.
    • The exclamation marks in 'Apply this patch!' seem a little un-vendor-like
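
The tells that LostCluster (comment 5) and Nailer (comment 7) list can be turned into a small triage script. What follows is an added example, not code from the story, from Red Hat or from any poster: the vendor-domain allowlist, the brand tokens, the artifact suffixes and both sample messages are constructed for illustration (the fake domain is the one named in the story; the sample file name is made up).

```python
import email
import email.utils
import re
from email import policy
from urllib.parse import urlparse

# Assumed allowlist of domains a genuine Red Hat/Fedora notice would mail from and link to.
# Hypothetical for this example; derive yours from the vendor's published advisory channels.
VENDOR_DOMAINS = ("redhat.com",)
# Brand substrings: a non-vendor host containing one of these is a lookalike, not a stranger.
BRAND_TOKENS = ("redhat", "fedora")
# A vendor ships signed packages; loose tarballs and raw binaries are what the fake offered.
LOOSE_ARTIFACT_SUFFIXES = (".tar", ".tar.gz", ".tgz", ".tar.bz2", ".bin", ".sh")

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)
RUN_BY_HAND_RE = re.compile(r"\b(run|execute)\b[^.\n]*\b(home directory|~/)", re.IGNORECASE)


def is_vendor_host(host: str) -> bool:
    """True for a vendor domain or any subdomain of one (fedora.redhat.com yes, fedora-redhat.com no)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in VENDOR_DOMAINS)


def triage_update_email(raw: str) -> list[str]:
    """Return the red flags found in an 'update notice' e-mail; an empty list means none were found."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    # 1. The claimed security team must mail from a vendor domain.
    _, addr = email.utils.parseaddr(str(msg["From"] or ""))
    sender_host = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    if not is_vendor_host(sender_host):
        findings.append(f"sender domain is not a vendor domain: {sender_host or '(none)'}")

    # 2. Every link must point at a vendor host; a brand-bearing stranger is a lookalike domain.
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part is not None else ""
    for url in URL_RE.findall(body):
        parsed = urlparse(url)
        host = parsed.hostname or ""
        if not is_vendor_host(host):
            kind = "lookalike domain" if any(t in host.lower() for t in BRAND_TOKENS) else "non-vendor domain"
            findings.append(f"{kind} in link: {host}")
        # 3. A security fix arrives as a signed package, not a tarball or binary to unpack by hand.
        if parsed.path.lower().endswith(LOOSE_ARTIFACT_SUFFIXES):
            findings.append(f"update offered as a loose artifact: {parsed.path.rsplit('/', 1)[-1]}")

    # 4. The tell Red Hat's notice describes: instructions to run the download from your home directory.
    if RUN_BY_HAND_RE.search(body):
        findings.append("instructs the reader to run a downloaded file from the home directory")
    return findings


# Constructed sample modelled on the notice the story describes; not the real message.
PHISH_SAMPLE = """\
From: Redhat Security Team <security@fedora-redhat.com>
To: user@example.org
Subject: Apply this patch!

A critical vulnerability has been found in your system. Download the patch from
http://www.fedora-redhat.com/updates/patch.tar.gz
and run it from your home directory.
"""

# Constructed benign counterpart: vendor sender, vendor link, no artifact, no run-by-hand instruction.
LEGIT_SAMPLE = """\
From: Red Hat Security Response Team <secalert@redhat.com>
To: user@example.org
Subject: Updated packages available

Updated packages are available through up2date. Details:
http://www.redhat.com/security/
"""

if __name__ == "__main__":
    for name, sample in (("phish", PHISH_SAMPLE), ("legit", LEGIT_SAMPLE)):
        print(name, triage_update_email(sample) or ["no red flags"])
```

The domain check is the one that does the real work: `fedora.redhat.com` passes because it is a subdomain of the allowlisted name, while `fedora-redhat.com` fails and, because it carries the brand token, is reported as a lookalike rather than a random stranger. The other three checks encode what the posters pointed out: a vendor delivers signed packages through its update channel, not a tarball to unpack and run by hand.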
  8. Re:Here's what WHOIS says: by ironfrost · · Score: 3, Insightful

      There IS a Raymond Jackson that lives at that address (except that it's in CA rather than NY, as has been previously noted), so it's not completely made up. Although, whether he's really the perpetrator or simply someone the real criminal doesn't get on with is still a matter of doubt. In any case, all his details (including e-mail address and phone number) can be easily found from a Google search - he runs a chapter of a Historical Miniatures Gaming Society in his area (HMGS West, near the bottom of the page).

  9. Re: text (Why? Because.) by turnstyle · · Score: 5, Insightful
    Why post the text instead of having the /. crowd flood their server to see what they've put up there?

    Because sending loads of traffic to a site that is actively trying to get a trojan onto unsuspecting boxes seems like a pretty bad idea.

    Apart from those that might click through without bothering to RTFA, and mistakenly think that it's a legit patch, there are also all those browser exploits (such as the Microsoft jpeg exploit) that could also be waiting on the site for unpatched systems.

    --
    Here's what I do: Bitty Browser & Andromeda
  10. Re:bastards by vsync64 · · Score: 5, Insightful

    Red Hat should simply rename the file on their site, change the links to it, and then replace it with a "THIS IS FRAUD" PNG.

    --
    TO BUY A NEW CAR WOULD MAKE YOU SEXUALLY ATTRACTIVE.
  11. Re: text (Why? Because.) by Feanturi · · Score: 4, Insightful

    without bothering to RTFA, and mistakenly think that it's a legit patch,

    Though it's a shitty thing for someone to be doing, as it is anytime somebody tries to get a virus or exploit going, it is at the same time a very amusing example of one. Think about it, the concept of this one has a certain beauty: It is meant to be activated while the machine is under the control of someone who should know better. There is no clueless-luser-carelessly-clicking that can be done here, you've got to know some basic geek stuff to go get the 'patch', unpack it, install it.. You've got to expend a reasonable amount of effort to get nailed by this thing. That is both its curse and its beauty.

  12. Re:I love it! by Tony-A · · Score: 3, Insightful

    Do you know if there's a cure for this?

    You don't want a cure for this.

    If you want a legitimate comparison between Linux and Windows security, observe:

    This is new and fresh enough to "set up a sandbox environment and run it, to see what happens!" Another similar Windows thingee: "been there, done that".

    Dated 23rd October 2004 on http://www.redhat.com/security/, which means that Red Hat was on top of it fast. This isn't the kind of thing that Slashdot sits on, and Red Hat was one day plus ahead. For comparison, it took about 6 days for Microsoft to return anything about Code Red on a search from microsoft.com. That's 6 days after appearing on Slashdot (compared to 1 day before).