/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow UsNEW DELHI: In an attempt to break the security of Linux systems bogus messages were sent to Linux users directing them to download Trojan Horses under the cover of updates, informed Red Hat.
The entire sequence of events was well planned. The culprit registered a domain by the name "fedora-redhat.com", which is very similar to the official site of the Fedora Project, "fedora.redhat.com." Bogus email were then sent out on Sunday, 26th of October, with sender's address as security@redhat.com, and a subject line reading, "RedHat: Buffer Overflow in 'ls' and 'mkdir,'" instructing users to download a fix (actually a Trojan Horse) for this flaw. Said an online report.
According to the F-Secure, a Finnish security firm, the "patch" was made unavailable early Monday and subsequently the site also went offline.
In its advisory Red Hat has stated that its security team never sends out unsolicited official messages, the messages are digitally signed and one should always watch out for 'secalert@redhat.com,' as the sender's address.
This is not a new thing as far as Windows users are concerned, as they have been targeted several times with spoofed security alerts, but is definitely first such attempt on Linux users.
With so much noise about open-source security, miscreants have changed the directions of their guns, it seems. Linux users beware!