Unknown Attacker Sends Spam Messages with Malicious File Masquerading as Red Hat Security Update

Oct. 27, 2004

There's a fake security alert targeting users of Red Hat's Fedora distribution, the company warned in an advisory.

The Linux distributor posted a note on its security updates page to caution users against downloading security updates received via e-mail.

"These e-mails tell users to download and install malicious updates. These Trojan updates contain malicious code designed to compromise the systems they are run on," Red Hat said.

Red Hat, which markets a product line that includes server and embedded operating systems and database applications, made it clear that official messages from its security team are never sent unsolicited and are always digitally signed and sent from the "[email protected]" address.

"All official updates for Red Hat products are digitally signed and should not be installed unless they are correctly signed and the signature is verified," the company said.

Anti-virus firm F-Secure also put out a notice about the fake alerts, which use spam to try to get Fedora users to download a malicious rootkit. F-Secure Director of Anti-Virus Research Mikko Hypponen said the attacker registered the "fedora-redhat.com" domain, which is almost identical to the official "fedora.redhat.com" URL.

Hypponen said a large spam run was then engineered targeting Linux users with a message that claimed there was a security flaw in the Linux OS and that a fix was available from the fake URL.
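The lookalike works because "fedora-redhat.com" is a separately registered domain, not a subdomain of redhat.com. The following check is an added example, not code from Red Hat or F-Secure, that classifies the links in a message body on that basis; the trusted-domain list, the 0.9 similarity threshold and the sample message are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumption: redhat.com is the only trusted domain; fedora.redhat.com is the
# official host named in the article, www.redhat.com is added for illustration.
OFFICIAL_DOMAINS = ("redhat.com",)
OFFICIAL_HOSTS = ("fedora.redhat.com", "www.redhat.com")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def is_official(host):
    """True only if host is a trusted domain or a real subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def classify_host(host):
    """Return 'official', 'lookalike' or 'unrelated' for a hostname."""
    host = host.lower().rstrip(".")
    if is_official(host):
        return "official"
    # Separator swap: a hyphen standing in for a dot, as in fedora-redhat.com.
    if is_official(host.replace("-", ".")):
        return "lookalike"
    # Near-miss spelling of a known official host (assumed threshold 0.9).
    if any(SequenceMatcher(None, host, h).ratio() >= 0.9 for h in OFFICIAL_HOSTS):
        return "lookalike"
    return "unrelated"

def audit_message(text):
    """Classify the host of every http(s) link found in a message body."""
    results = []
    for url in URL_RE.findall(text):
        host = urlsplit(url).hostname or ""
        results.append((host, classify_host(host)))
    return results

# Constructed sample message (not the text of the real spam).
SAMPLE = """Subject: security update
Download the fix from http://www.fedora-redhat.com/update.tar.gz
Project site: https://fedora.redhat.com/
Misspelled host: http://www.redhst.com/x
Other link: http://example.org/news
"""

if __name__ == "__main__":
    for host, verdict in audit_message(SAMPLE):
        print(f"{verdict:10} {host}")
```

A link that passes this check says nothing about the file behind it; the signature verification Red Hat describes is still the control that decides whether an update is installed.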

It is not the first time that attackers have used e-mail spam to spread malicious files via fake software security alerts. Last September, a mass-mailing virus masquerading as a security patch from Microsoft was spread via e-mail; it was able to steal account information and e-mail server details from infected systems.