An e-mail disguised as a Red Hat patch update is a fake designed to trick users into downloading malware, the Linux vendor warned in a message on its Web site.
"Red Hat has been made aware that e-mails are circulating that pretend to come from the Red Hat Security Team," Red Hat Inc. said in the message. "These e-mails tell users to download and install malicious updates. These Trojan updates contain malicious code designed to compromise the systems they run on."
The advisory added that "official messages from the Red Hat Security Team are never sent unsolicited, are always sent from the address firstname.lastname@example.org, and are digitally signed by GPG. All official updates for Red Hat products are digitally signed and should not be installed unless they are correctly signed and the signature is verified."
The bogus e-mails were part of what appeared to be a spam assault against Linux users, according to Finnish antivirus firm F-Secure Corp.
"Somebody did a fairly large spam run, targeting Linux users with a message that claimed a security vulnerability had been found and the fix was available at fedora-redhat.com," said Mikko HyppÖnen, director of antivirus research for F-Secure. "It was labeled as a fairly critical security alert that advised users to download a patch. It looks like the goal was to trick users into downloading a root kit."
HyppÖnen said the episode further illustrates that attackers have their eye on more than just the Windows-based exploits. "Nobody should be complacent when it comes to security," he said. "People tend to think Linux can't be attacked, but like the Opener virus affecting Macintosh users, this is proof that Linux is not immune."
While the malicious site was taken down over the weekend, the Bethesda, Md.-based SANS Internet Storm Center posted a message on its Web site Monday saying the hoax "is a good reminder that even though most of these are aimed at Windows users, always be suspect when receiving an e-mail asking you to download something."