E-Mail Scam Dupes Linux Users | eWeek

E-Mail Scam Dupes Linux Users

Verfasst von
Matthew Broersma
Matthew Broersma
Oct 25, 2004
2 minute read
eWeek Inhalte und Produktempfehlungen sind redaktionell unabhängig. Wir können Geld verdienen, wenn Sie auf Links zu unseren Partnern klicken. Mehr erfahren

Red Hat Inc. on Saturday warned users of an e-mail scam designed to plant malicious code on users systems. The malicious e-mail poses as a security update from the vendor, a technique that has become familiar to Windows users, but is a novelty in the Linux world.

The e-mail, which has been circulating since late last week, says it originates from the “Red Hat Security Team” and urges users to download a patch fixing vulnerabilities in the ls and mkdir file system utilities. To add a veneer of authenticity, the scammers used an authentic-seeming domain name, fedora-redhat.com, to host the malicious download.

/zimages/3/28571.gifRed Hat increases security in its latest update.Read more here.

“The Red Hat Security Team strongly advises you to immediately apply the fileutils-1.0.6 patch. This is a critical-critical update,” the message says. The e-mail message and the site contained instructions for downloading, decompressing and installing the false update.

The fedora-redhat.com domain name was reported to have been displaying the fake security message as late as Sunday, but by Monday morning it was no longer available. Fedora is Red Hats Linux distribution for technology enthusiasts and hobbyists; the company maintains an authentic Fedora site at fedora.redhat.com.

Red Hat became aware of the scam on Saturday, and issued an advisory on the front page of its security site. “These trojan updates contain malicious code designed to compromise the systems they are run on,” said Red Hat Security Response Team leader Mark Cox on Monday, in a statement provided to eWEEK.com.

/zimages/3/28571.gifFor insights on security coverage around the Web, check out eWEEK.com Security Center Editor Larry Seltzers Weblog.

Cox said the company never sends unsolicited security messages and noted that all genuine messages and packages are signed with a GPG (Gnu Privacy Guard) digital signature, the details of which are available on Red Hats site.

Windows has been hit by several worms that spread via e-mails masquerading as security patches; for example, a version of the Dumaru worm last year spread via fake Microsoft e-mails. A related problem is the proliferation of phishing e-mails, which lure users (on any platform) to a supposedly authentic Web site, where they are induced to enter sensitive information such as bank account details and passwords to e-commerce accounts.

/zimages/3/28571.gifCheck out eWEEK.coms Linux & Open Source Center for the latest open-source news, reviews and analysis.

/zimages/3/77042.gif

Be sure to add our eWEEK.com Linux news feed to your RSS newsreader or My Yahoo page

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Eigentum von TechnologyAdvice. © 2026 TechnologyAdvice. Alle Rechte vorbehalten

Werbetreibenden-Offenlegung: Einige der auf dieser Website erscheinenden Produkte stammen von Unternehmen, von denen TechnologyAdvice eine Vergütung erhält. Diese Vergütung kann beeinflussen, wie und wo Produkte auf dieser Website erscheinen, einschließlich beispielsweise der Reihenfolge, in der sie erscheinen. TechnologyAdvice schließt nicht alle Unternehmen oder alle auf dem Marktplatz verfügbaren Produkttypen ein.