nickn
10-24-2004, 10:15 PM
Hot off the press from Red Hat (http://www.redhat.com/security/), a security reminder/warning...
Red Hat has been made aware that emails are circulating that pretend to come from the Red Hat Security Team. These emails tell users to download and run an update from a users home directory. This fake update appears to contain malicious code. Official messages from the Red Hat security team are never sent unsolicited, are always sent from the address secalert@redhat.com, and are digitally signed by GPG.
As stated in the Red Hat security alert, these emails are coming from fedora-redhat.com and are impersonating a Red Hat security Alert. For further information please see the Slashdot Article (http://slashdot.org/article.pl?sid=04/10/24/2352234) and the Red Hat Warning (http://www.redhat.com/security/)
This "patch" injects an id0 account on the system. Once installed, this patch sends mail to root@addlebrain.com. The patch, originally pulled from stanford.edu, is now at a yahoo based server (fedora-redhat.com). Yahoo and everyone.net have been contacted.
Red Hat has been made aware that emails are circulating that pretend to come from the Red Hat Security Team. These emails tell users to download and run an update from a users home directory. This fake update appears to contain malicious code. Official messages from the Red Hat security team are never sent unsolicited, are always sent from the address secalert@redhat.com, and are digitally signed by GPG.
As stated in the Red Hat security alert, these emails are coming from fedora-redhat.com and are impersonating a Red Hat security Alert. For further information please see the Slashdot Article (http://slashdot.org/article.pl?sid=04/10/24/2352234) and the Red Hat Warning (http://www.redhat.com/security/)
This "patch" injects an id0 account on the system. Once installed, this patch sends mail to root@addlebrain.com. The patch, originally pulled from stanford.edu, is now at a yahoo based server (fedora-redhat.com). Yahoo and everyone.net have been contacted.