Slashdot Mirror


Beware 'Fedora-Redhat' Fake Security Alert

rixdaffy writes "I just received an email from the 'Redhat Security Team' telling me that I needed to download some tar file from fedora-redhat.com. Besides the fact that I don't use Red Hat/Fedora, I immediately smelled something fishy. Maybe it's not the first trojan targeted at Linux users, but together with the official sounding domain, it could trick some users into downloading and running the binary. It looks like Red Hat is already aware of the issue." According to Red Hat's page, "These emails tell users to download and run an update from a users home directory. This fake update appears to contain malicious code." Update: 10/25 01:32 GMT by T : One borked link, unborked.

  1. We knew this day would come by Orgazmus · · Score: 4, Insightful

    Adopting dumb users had to bring the ones exploiting the stupidity with them. Even though running as a non-admin should help against these things, there is no cure against security holes between the chair and the keyboard.

    --
    The system had the verbosity of HTML combined with all the readability of compiled assembly viewed as bitmap images
  2. About Time by Mr.+Arbusto · · Score: 4, Insightful

    It's fishing, it happens on every platform and requires the user to do something they think is in their best interest. Nothing new.

  3. Real link? by chrispyman · · Score: 5, Insightful

    Why not just use the real link and slashdot their site into oblivion!

  4. Re: text by Inf0phreak · · Score: 5, Insightful

    Why post the text instead of having the /. crowd flood their server to see what they've put up there? Potentially that could bring the server offline and cost them a bundle for a great two-sided effect (OK, the latter is not that cool if it's just some rooted box, but at least it would prevent anyone being affected if it was /.'ed to hell).

    --
    ________
    Entranced by anime since late summer 2001 and loving it ^_^
  5. Christ, they didn't do a very good job... by Nailer · · Score: 5, Insightful
    The domain name was a good start, but these kids will have a hard time fooling anyone since they've ignored most of the basics:

    • Most users who install security upgrades won't be running Red Hat 7.x.
    • Red Hat is two words. Both begin with capitals.
    • Red Hat use packages. Not hard guys.
    • Security updates are provided through up2date. If they were smart, they would have provided an up2date source to use.
    • The exclamation marks in 'Apply this patch!' seem a little un-vendor-like.
  6. Re: text (Why? Because.) by turnstyle · · Score: 5, Insightful
    Why post the text instead of having the /. crowd flood their server to see what they've put up there?

    Because sending loads of traffic to a site that is actively trying to get a trojan onto unsuspecting boxes seems like a pretty bad idea.

    Apart from those that might click through without bothering to RTFA, and mistakenly think that it's a legit patch, there are also all those browser exploits (such as the Microsoft jpeg exploit) that could also be waiting on the site for unpatched systems.

    --
    Here's what I do: Bitty Browser & Andromeda
  7. Re:bastards by vsync64 · · Score: 5, Insightful

    Red Hat should simply rename the file on their site, change the links to it, and then replace it with a "THIS IS FRAUD" PNG.

    --
    TO BUY A NEW CAR WOULD MAKE YOU SEXUALLY ATTRACTIVE.
  8. Re: text (Why? Because.) by Feanturi · · Score: 4, Insightful

    without bothering to RTFA, and mistakenly think that it's a legit patch,

    Though it's a shitty thing for someone to be doing, as it is anytime somebody tries to get a virus or exploit going, it is at the same time a very amusing example of one. Think about it, the concept of this one has a certain beauty: It is meant to be activated while the machine is under the control of someone who should know better. There is no clueless-luser-carelessly-clicking that can be done here, you've got to know some basic geek stuff to go get the 'patch', unpack it, install it.. You've got to expend a reasonable amount of effort to get nailed by this thing. That is both its curse and its beauty.