Users of Red Hat Linux have been targeted by a fraudulent electronic mail advising recipients to install a “security update” containing mailicious code. The mails, which began circulating on Thursday, mimic social engineering tactics used in numerous scams targeted Windows in recent years, attempting to infect computers with an email link to malicious code. Red Hat may feel complimented that the social engineers think that its user community is now large enough for an attack like this to be worthwhile.
The e-mail, bearing the subject “RedHat: Buffer Overflow in ‘ls’ and ‘mkdir’” warns of a “critical-critical update” that could allow a remote attacker to execute arbitrary code with root privileges. It includes a link to a tar file housed on a personal account on Stanford University’s network. “The link points to a ‘compiled’ shell script that adds a root user and sends system info to an email address,” said Red Hat security director Mark Cox, who said the company worked with US-CERT and Stanford to get the link shut down.
Red Hat’s security team is reminding users to be mindful of its standard practices in issuing alerts and patches. “Official messages from the Red Hat security team are never sent unsolicited, are always sent from the address firstname.lastname@example.org, and are digitally signed by GPG,” the company said in on its web site. “All official updates for Red Hat products are digitally signed and should not be installed unless they are correctly signed and the signature is verified.”