X
Tech
Home Tech Security

Red Hat warns of malicious security 'update'

Linux maker Red Hat is warning users about an e-mail that pretends to be an official security advisory but is actually a phishing-type scam that contains links to malicious code.The fake e-mail appears to have been sent from "security@redhat.
Written by Munir Kotadia, Contributor
Linux maker Red Hat is warning users about an e-mail that pretends to be an official security advisory but is actually a phishing-type scam that contains links to malicious code.

The fake e-mail appears to have been sent from "security@redhat.com" and was first spotted on Friday evening with a subject line: "RedHat: Buffer Overflow in 'ls' and 'mkdir'".

The e-mail contains instructions on how to load and install a 'patch', which Red Hat warns is likely to contain malicious code.

Red Hat said its official security messages are sent from secalert@redhat.com and are digitally signed.

According to the company's Web site: "All official updates for Red Hat products are digitally signed and should not be installed unless they are correctly signed and the signature is verified".

Windows users have been successfully targeted a number of times with malware disguised as a fake 'security update'.

One of the most successful worms of 2003, Swen or Gibe.F, was disguised as a Microsoft patch to fix a flaw in Internet Explorer.

Less than four months later the tactic was tried again, but this time the Xombe or Trojan.Xombe worm, posed as a critical update for Windows XP.

The most recent attempt to fool Windows users was the Sober.D worm that masqueraded as a fix for the MyDoom worm.

Editorial standards
Show Comments

Related

The AGM Pad P2 tablet.

I did not expect this $170 Android tablet to be as impressive as it is

Makita Impact XPS Mag Boost and a set of Wera Screw Grippers

My 2 must-have tools to make DIY projects a lot less frustrating (and they're cheap)

Best Buy Essentials TV antenna review | Best TV antenna

The best indoor TV antenna you can buy: Expert tested