An email purporting to be from Red Hat alerts users to download a patch that actually contains malicious code. Red Hat’s Mark Cox notes that security notices from his company “are never sent unsolicited, are always sent from the address [email protected] and are digitally signed by GPG.” This kind of ruse has been used many times in the past to try to fool Windows users.
How to prevent these kinds of exploits… I honestly don’t know… Nobody is safe… not even *NIX
Remember that you don’t need to be root all the time. root must be only an administrative user.
right, and installing security updates as a normal user is easy!
I mean I get emails every day from Citibank and even from my own bank asking me to follow their link to log in and fix problems with my account.
I used to get lots of scams asking me to send money to some Nigerian dudes so I can make lots of money
This is just another rehash, trying to get stupid people to fall for stupid things.
Throw this in the scammer bucket with all the other 10,000’s of scams going on.
Oops! Now the spammers know which e-mail to send it from.
For those of you who don’t use RedHat, updates are managed with a program called up2date. Everyone knows this from the blinking red icon we get on the taskbar. Anyone who falls for this is not of average intelligence.
I read at http://lwn.net/Articles/108006/ that using SPF would prevent getting these fake emails.
No, he’s under average ashtray
from stupid users!
MacOSX exploit today also. http://news.zdnet.com/2100-1009_22-5424883.html
Good thing I use Windows!
Sorry, figure that’s the response to every Windows thing from the Linux crowd, might as well do the same.
*shrugs* go ahead, mod me down…
>For those of you who don’t use RedHat, updates are managed with a program called up2date. Everyone knows this from the blinking red icon we get on the taskbar. Anyone who falls for this is not of average intelligence.
Yeah, if everybody who uses computers were computer literate, the security issues on Windows would decrease by at least 90%.
>Good thing I use Windows!
LOL! I hate to see anyone get hit with a phishing scam, but in a way, this just warms my heart
>Yeah, if everybody who uses computers were computer literate, the security issues on Windows would decrease by at least 90%.
If you don’t know that up2date is the only way you should get any kind of update information for your redhat box. You’re probably not going to have root access to the machine, and you’re probably going to be too stupid to install the “patch” in question.
I highly doubt that anyone is going to be very affected by this. And a security advisory from Microsoft would be much more dangerous to Windows computers. It’s impossible to stop uneducated users from doing the wrong thing, but at least most operating systems limit the damage an uneducated user can do.
>It’s impossible to stop uneducated users from doing the wrong thing, but at least most operating systems limit the damage an uneducated user can do.
I’ve used several Linux distros and from what I have observed (and I might be wrong on this), the only thing separating a user from chaos is that little dialog that prompts you for the root password whenever it’s needed. Trust me… if a user will willingly run anything you send them to get nude pics of J-Lo, they will surely type in the root password for the same reason.
I use yum to update my Fedora Core servers mainly. How safe are the mirrors that yum uses?
Welcome to the big leagues Linux.
Well it looks like Linux is finally big enough to draw the assholes of the world to write malware for the big Linux distros. Even OSX is drawing the same attention so congratulations to Apple as well. You both deserve it. Now it’s time to reap the rewards of malware. Linux and OSX admins rejoice in the fact you now have job security that will rival that of the Windows admins in dealing with idiot users bringing in viri, trojans and other malware into your shop. Praise your God for this new bounty of Information Technology problems.
At last, we are truly entering the 2nd age of OS wars.
To get this ‘virus’
click on link to download “update”
Open terminal window,
cd to downloaded file directory
./configure
./make
sudo ./make install
Now run one of the apps to start the virus.
Viruses the Linux way, you actually have to work to get them installed.
The security alert looks like a scam. I doubt anyone was fooled.
– Red Hat signs their alerts with a GPG key. This one wasn’t signed.
– Real alerts have a standard format for the body and subject. This one doesn’t follow the format.
– Real alerts are sent to a mailing list. Admins should know they are subscribed. Other people would wonder why they are getting spammed.
– The malware needs to be downloaded from fedora-redhat.com while people would expect redhat.com.
– Most users of Redhat or Fedora use up2date or yum to keep their machines up-to-date. Manually downloading and installing an update is not normal. Those who know how to do it are less likely to be fooled, and those that are fooled are less likely to follow the instructions successfully.
>Those who know how to do it are less likely to be fooled, and those that are fooled are less likely to follow the instructions successfully
That’s the overwhelming mass majority of users.
I very much hope that, like apt and urpmi, yum uses signatures to verify the authenticity of packages it downloads. With urpmi, if a package you ask it to install is not signed with a signature it’s been set to recognise, it’ll alert you and ask whether it should continue installing, default answer ‘no’. By default, urpmi comes with Mandrakesoft’s signatures only. I guess, and hope, that yum has a similar system.
The fact that it has to be physically installed and that physical administrator involvement is necessary to totally compromise the system at hand is a good sign.
Ahh, you mean like how someone would physically have to click on a link to go to a website that claims to be from their bank and enter credit card information? I don’t know why you guys think that just because a user has to do something, all of a sudden people are invincible. Any recent Outlook/Express version doesn’t auto-run anything either.
Please understand that I am not claiming that this particular patch is going to spread like wildfire, just that switching to Linux doesn’t automatically assume you’re going to be free of security issues, as some pundits like to suggest.
The problem with your argument is the generalization of Linux distros. In this case, it was about Fedora Core not other distros.
“For those of you who don’t use RedHat, updates are managed with a program called up2date. Everyone knows this from the blinking red icon we get on the taskbar. Anyone who falls for this is not of average intelligence. ”
Disregarding the fact that up2date is a piece of shit which RedHat refuses to fix, this is simple experience. I guess you’ll feel superior when you get a virus through jpeg viewing and all them simple folks get a virus through an email.
Everything is dangerous these days, no system is safe unfortunately.
“click on link to download “update”
Open terminal window,
cd to downloaded file directory
./configure
./make
sudo ./make install
Now run one of the apps to start the virus.
Viruses the Linux way, you actually have to work to get them installed. ”
LOL. That’s the unfortunate truth isn’t it though!! unfortunately you have to work to install ANYTHING but as long as those viruses don’t get installed because of stupid users…
However, once you get people used to doing this all the time with normal programs, that doesn’t make them safer at all since they figure they’ll just do it this time, routine. Then you have an experienced user dousing himself with a virus.
The fact that you can use mirrors on up2date just exposes your complete lack of knowledge of the configuration. Red Hat recommends using the closest mirror download approved by them.
On the second post, since the topic is about Fedora Core, people who mostly use rpm and know about Red Hat policies already knew the scam, therefore virtually nullifying the need to do more steps. Another thing to remember: all Linux distros, though sharing the same origin (kernel), are different.
“The fact that you can use mirrors on up2date just exposes your complete lack of knowledge of the configuration. Red Hat recommends using the closest mirror download approved by them.”
The fact that up2date crashes itself when mirrors are busy shows how crappy it is. Why doesn’t RedHat update its namesake and show that we can actually rely on this program?
To the last point, 3-step install it is NOT a solution. In the end you are always one-step away from installing malware, same as Windows.
Add “gpgcheck=1” to your yum.conf file (see “man yum.conf”).
Use “rpm --import pub_key” to import a GPG public key.
The public key can be found in /usr/share/doc/fedora-release-*/RPM-GPG-KEY*
All keys can be found on a public keyserver, such as http://pgp.mit.edu/ if you don’t trust the keys that come with the package fedora-release.
See gnupg documentation:
http://www.gnupg.org/documentation/index.html
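To check that the gpgcheck setting from the comment above is actually in effect for every repository, here is an added example (not part of the original comment or of yum itself) that audits yum-style configuration files. The function names and the sample files are constructed for illustration; it assumes a repo section without its own gpgcheck inherits the [main] value and that a value absent everywhere means no signature check.

```shell
#!/bin/sh
# Added example: report yum repo sections whose effective gpgcheck is not 1.
# Assumptions: a repo section without its own gpgcheck inherits the [main]
# value, and a value that is absent everywhere counts as "unset" (not verified).

# audit_gpgcheck FILE...
# Prints "FILE:[section] gpgcheck=VALUE" for each unverified repo section.
# Returns 1 if any were found, 0 otherwise.
audit_gpgcheck() {
    awk '
        BEGIN { maindef = "unset"; bad = 0; n = 0 }
        FNR == 1 { sect = "" }                 # sections do not span files
        /^[ \t]*[#;]/ { next }                 # skip comment lines
        /^[ \t]*\[/ {                          # section header
            sect = $0
            sub(/^[ \t]*\[/, "", sect); sub(/\].*$/, "", sect)
            if (sect != "main") { n++; name[n] = FILENAME ":[" sect "]"; has[n] = 0 }
            next
        }
        /^[ \t]*gpgcheck[ \t]*=/ {
            v = $0
            sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t\r]+$/, "", v)
            if (sect == "main") maindef = v
            else if (sect != "") { val[n] = v; has[n] = 1 }
        }
        END {                                  # resolve inheritance last
            for (i = 1; i <= n; i++) {
                eff = has[i] ? val[i] : maindef
                if (eff != "1") { print name[i] " gpgcheck=" eff; bad = 1 }
            }
            exit bad
        }
    ' "$@"
}

# Constructed sample configuration (not taken from a real system).
make_sample() {
    dir=$(mktemp -d) || return 1
    printf '[main]\ncachedir=/var/cache/yum\ngpgcheck=1\n' > "$dir/yum.conf"
    printf '[base]\nname=Base\n\n[extras]\nname=Extras\ngpgcheck=0\n' > "$dir/sample.repo"
    echo "$dir"
}

d=$(make_sample)
audit_gpgcheck "$d/yum.conf" "$d/sample.repo" || echo "sections above install packages without a signature check"
rm -rf "$d"
```

On a real system the arguments would be the main yum.conf followed by the repository definition files.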
yeah up2date has its problems (the GUI) but when I do ‘up2date -u’ on the command line I almost never have a problem. It’s what I’ve always done to begin with I never liked GUI for things like that, only system-config-securitylevel and system-config-services I find faster than editing iptables or chkconfig by hand.
Let’s mod the good comments down and leave the clueless idiots to tell us that this is a Linux e-mail virus and that when Linux becomes as popular as Windows it will cause as much trouble for everyone.
Sigh…….
This applies to all of the ignorant of OS’s and the stubborn.
No matter what O.S. you use.
Not paying attention will cost you!
With Windows:
In order to get any O.S. maintenance done you have to be an ADMIN!
I would speculate that 95% of Window users run ADMIN full time.
I’ve done lots of Windows repair/installs. Only to find out that the main PC user was an ADMIN all along. Bad Idea! It’s way too redundant to install and upgrade software updates with Windows.
Especially 3rd party download sites and unknown download sites.
Verify Software Signature Finger Prints!
With ***Nix:
In order to get any O.S. maintenance done, you have to be “SU” or “ROOT”!
I’ve done plenty of ***Nix repair/installs to find that 95% do not run their ROOT account fulltime.
I have found people not verifying their packages with ***Nix when they go elsewhere to seek an extra package.
As time goes on this type of behavior is where the script kiddie packin punks will undermine a lot of people in the Nix world.
Verify Software Signature Finger Prints!
Both users of either software just need to verify their packages.
Whether it’s the newest on the block or the oldest software known to the P.C. kingdom.
Educate yourself and quit fighting on this site.
JD
>Educate yourself and quit fighting on this site.
People who are in need of education are not visitors and readers of OSNews.
They should be told by people who visit this site: No matter what O.S. you use. Not paying attention will cost you!
“People who are in need of education are not visitors and readers of OSNews.”
You’re right, I.T. and Entertainment buffs!
“They should be told by people who visit this site: No matter what O.S. you use. Not paying attention will cost you!”
Which O.S. are you suggesting, “Not paying attention will cost you?”
They all cost you and I do not mean money neither. The time and patience to learn your O.S..
JD
thanks for the yum-specific info. It’s a pity this isn’t turned on by default, though!
Will be turned on by default in FC3.
Someone over at ./ pointed out a bunch of flaws in that scam. (sorry that I can’t remember who it was to credit)
1. Spelling Red Hat wrong.
2. It was a tar, RH uses packages.
3. All updates are used through up2date, not e-mail.
Wow, these people are idiots. Most people who can install from source would catch onto this anyways. As far as I’m concerned, this exploit doesn’t exist….
Since when are Linux distros issuing patches through e-mail?
This is the problem that web based updates will cause in the future.
Systems have to be more under beta to make sure that “NO UPDATES ARE RELEASED” every week which makes users want to update just to fix something that is not broken.
This is the reason the System 5 type of UNIX is superior
They all cost you and I do not mean money neither.
Exactly. Only snake oil vendors will tell you otherwise.
> Most people who can install from source would catch onto this anyways. As far as I’m concerned, this exploit doesn’t exist….
Wrong. gnu.org has already been cracked some time ago. Some *.tar.gz corrupted.
Seems to me that libc source has been cracked on a mirror site also.
People who are in need of education are not visitors and readers of OSNews.
Bingo!
Microsoft doesn’t distribute patches by email either, but people still click on files they get in email claiming to be Microsoft patches.