Security news25 October 2004
Beware the bogus Red Hat security update email, warns Sophos
 |
| The bogus email claims to come from Red Hat. |
Experts at Sophos have warned users of Red Hat Linux to be wary of a bogus email which purports to be an official security update for the operating system.
The fake email claims to come from security@redhat.com, and arrives with the subject line: "RedHat: Buffer Overflow in 'ls' and 'mkdir'".
Contained inside the email are instructions on how to load and install a 'security patch'. However, Red Hat has advised that its real security messages are sent from secalert@redhat.com and are always digitally signed.
"Someone in the computer underground is trying to dupe innocent Red Hat Linux users into running potentially malicious code," said Graham Cluley, senior technology consultant for Sophos. "Everyone who is responsible for the security of computer systems should take care to ensure they are following legitimate advice, and not falling for this kind of confidence trick."
Earlier this year the W32/Sober-D virus posed as a security patch from Microsoft in an attempt to fool users of Microsoft Windows.
