Slashdot reports on an attempt to convince users of Redhat Linux and Fedora Core to download and execute malicious code disguised as a security update. Like phishing scams, it seems several spam email messages were sent claiming to be from the "Redhat Security Team," and directing users to www.fedora-redhat.com (the real Fedora website is www.fedora.redhat.com) Since the website was made "Temporarily Unavailable" in the last few minutes, you can see a screenshot of the fake website here.
Discerning users would note that the site contains several grammatical errors and nonsensical phrases:
Redhat found a vulnerability in fileutils (ls and mkdir), that could allow a remote attacker to execute arbitrary code with root privileges.
Some of the affected linux distributions include RedHat 7.2, RedHat 7.3, RedHat 8.0, RedHat 9.0, Fedora CORE 1, Fedora CORE 2 and not only.
"This is a critical-critical update that you must make by following these steps"
Anybody running RedHat and Fedora are strongly adviced to apply this patch! Read more about this vulnerability at www.redhat.com or www.fedora.redhat.com
The domain fedora-redhat.com is registered to:
Admin Name........... Raymond Jackson
Admin Address........ 224 Cedar Avenue
Admin Address........ New York
Admin Address........ 95301
Admin Address........ NY
Admin Address........ UNITED STATES
Admin Email.......... email@example.com
Admin Phone.......... +1.2098994533
Raymond (Ray) James Jackson, 224 Cedar Avenue, Atwater, CA 95301-4454, Phone/Email (209) 358-8510/ Mahdi1ray@cs.com
Note. This Chapter is located in the San Francisco area and is currently in a state of transition. Contact POC for latest information.