Joining the ranks of Windows' users victimised by spoofed security alerts, Linux users have received bogus messages directing them to download updates that are in fact trojan horses, Red Hat has announced.
The email, which carried the sender address security@redhat.com and an initial subject head of "RedHat: Buffer Overflow in 'ls' and 'mkdir'" instructs users to download and install a purported patch. In an advisory on its website, Red warned that the "patch" is actually a trojan designed to compromise systems.
"Official messages from the Red Hat security team are never sent unsolicited," said the company in its advisory, and "are always sent from the address secalert@redhat.com and are digitally signed."
After the initial spammed wave, said Finnish security firm F-Secure, someone used phoney information to register the domain "fedora-redhat.com" which is very close to "fedora.redhat.com" the official site of the Fedora Project, a free OS supported by Red Hat.
The second spam run directed recipients to fedora-redhat.com for the fix.
Early this week, F-Secure noted that the supposed "patch" and the fedora-redhat.com site were no longer online.
Windows users have been targeted several times with similar bogus security messages, most notably in 2003 when the Swen worm disguised itself as a patch attached to messages claiming to come from Microsoft.
This, however, is the first instance of the tactic applied to Linux users.
-1.jpg&w=100&c=1&s=0)
.png&w=100&c=1&s=0)
