E-Mail Scam Targets Red Hat Users

Microsoft users may feel as though they’re the only ones constantly under attack from hackers, but they’re not alone with that dubious distinction. Late last week, Red Hat, the Raleigh, North Carolina-based Linux provider, was also hit.

The threat came in the form of a fake security warning. The e-mail alerts were sent from the address [email protected], with a subject line that reads “RedHat: Buffer Overflow in ‘Is’ and ‘mkdir.'” Recipients are directed to download an alleged patch, which in fact enables a remote attacker to execute malicious code with root privileges.

Warning to Users

Red Hat spokeswoman Leigh Cantrell Day provided the company’s statement about the attack: “Official messages from the Red Hat security team are never sent unsolicited, are always sent from the address [email protected], and are digitally signed by GPG. All official updates for Red Hat products are digitally signed and should not be installed unless they are correctly signed and the signature is verified.” More details are available onRed Hat’s Web site.

Despite widespread attention, Ken Dunham, Director of Malicious Code at iDefense, which provides security intelligence to governments and Fortune 500 organizations, characterizes the Linux Trojan as a low threat. “It looks like there was a low volume of e-mails that spread over a period of several days,” he says.

Unfocused Attack

“While it does show that Linux is always on the mind of some, this attack seems to be fairly opportunistic and unfocused,” Dunham added. Even non-Red Hat customers have reportedly received the e-mails.

According to Dunham, an attack such as this is not nearly as serious as ones that allow viruses to be downloaded from known, trusted sites. The update link given in the messages is “www.fedora-redhat.com.” Red Hat sponsors The Fedora Project, a community-supported open-source project, but it is not a company product.

This is, Dunham said, by no means “the kind of organized, targeted, methodical attack that we’ve seen just seen in Brazil,” where officials arrested more than 50 people in what they called a US$30 million Internet fraud. That scam involved infected e-mail attachments that could store online bank account information and divert funds. Brazilian police have called the country home to eight out of 10 of the world’s hackers.

The approach is nothing new, either. Last fall, Windows users were targeted with a mass-emailing about a security patch from Microsoft. These messages contained a virus that had the ability to steal account information and e-mail server details.