Red Hat Inc. on Saturday warned users of an e-mail scam designed to plant malicious code on users' systems. The malicious e-mail poses as a security update from the vendor, a technique that has become familiar to Windows users, but is a novelty in the Linux world.
The e-mail, which has been circulating since late last week, says it originates from the "Red Hat Security Team" and urges users to download a patch fixing vulnerabilities in the ls and mkdir file system utilities. To add a veneer of authenticity, the scammers used an authentic-seeming domain name, fedora-redhat.com, to host the malicious download. "The Red Hat Security Team strongly advises you to immediately apply the fileutils-1.0.6 patch. This is a critical-critical update," the message says. The e-mail message and the site contained instructions for downloading, decompressing and installing the false update.
News source: eWeek