Bogus Security Alert Snares Linux Users

Red Hat warns of bogus 'security updates' disguising Trojan horses--the first such scam to target Linux users.

information Staff, Contributor

October 26, 2004


Joining the ranks of Windows users who have been victimized by spoofed security alerts, Linux users this weekend received bogus messages directing them to download updates that are in fact Trojan horses, Red Hat announced Saturday.

The e-mail, which carried the sender address of "[email protected]" and an initial subject head of "RedHat: Buffer Overflow in 'ls' and 'mkdir,'" instructs users to download and install a purported patch. In an advisory on its Web site, Red Hat warned that the "patch" is actually a Trojan designed to compromise systems.

"Official messages from the Red Hat security team are never sent unsolicited," said the company in its advisory, and "are always sent from the address '[email protected],' and are digitally signed."

After the initial spammed wave, said Finnish security firm F-Secure, someone used phony information to register the domain "fedora-redhat.com," which is very close to "fedora.redhat.com," the official site of the Fedora Project, a free OS supported by Red Hat.

The second spam run, on Sunday, directed recipients to fedora-redhat.com for the fix.

Early Monday, F-Secure noted that the supposed "patch" was no longer online. As of mid-morning Monday, the fedora-redhat.com site was also offline.

Windows users have been targeted several times with similar bogus security messages, most notably in 2003 when the Swen worm disguised itself as a patch attached to messages claiming to come from Microsoft.

This, however, is the first instance of the tactic applied to Linux users.
