- 12 myths about how the Internet works
- Smartphone smackdown: Storm vs. iPhone
- IETF: Should we ignore the Kaminsky bug?
- Top 10 wicked cool algorithms
- How to recession-proof yourself
Security experts are warning of a phishing scam that targets Red Hat Linux users with a “patch” that is actually a Trojan horse.
The fake message looks like it comes from the “Red Hat Security Team” and warns of a vulnerability in the operating system’s “ls” and “mkdir” commands. It claims “this is a critical-critical update” and that user must take a number of steps to rectify the situation. Those steps including downloading a patch from the fedora-redhat.com domain, which looks like an official Red Hat site but is not.
According to an advisory from K-Otik, a security consultancy in France, the downloaded file creates a user account called “bash” with no password, grabs the infected machine’s IP address and uptime, starts an secure shell daemon and sends the information to a remote address. An attacker can then use the newly created account to access the system remotely.
The e-mail seems to have been sent randomly to general Webmaster addresses for sites and not to any particular mailing list
for Red Hat Security issues, according to Tom Liston, a handler with the Internet Storm Center.
Rss FeedRss Feed
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 The Leader in Network Knowledge© 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment