There’s a fake security alert targeting users of Red Hat’s
Fedora distribution, the company warned in an advisory.
The Linux distributor posted a note on its security updates page to
caution users against downloading security updates received via e-mail.
“These e-mails tell users to download and install malicious updates.
These Trojan updates contain malicious code designed to compromise the
systems they are run on,” Red Hat said.
Red Hat, which markets a product line that includes server and
embedded operating systems and database applications, made it clear that
official messages from its security team are never sent unsolicited and
are always digitally signed and sent from the “firstname.lastname@example.org”
“All official updates for Red Hat products are digitally signed and
should not be installed unless they are correctly signed and the
signature is verified,” the company said.
Anti-virus firm F-Secure also put out a notice for the fake alerts,
which uses the spam technique to try to get Fedora users to download a
malicious root kit. F-Secure Director of
Anti-Virus Research Mikko Hyponnen said the attacker registered the
“fedora-redhat.com” domain, which is almost identical to the official
Hyponnen said a large spam run was then engineered targeting Linux
users with a message that claimed there was a security flaw in the Linux OS and that
a fix was available from the fake URL.
It is not the first time that attackers have used e-mail spam to
spread malicious files via fake software security alerts. Last
September, a mass-mailing virus masquerading
as a security patch from Microsoft
was being spread
via e-mail with the ability to steal account information and e-mail
server details from infected systems.