Anyone feeling like phishing?

Just to prove that even big companies like Red Hat are not immune to scam artists, I thought I might bring this article about a little “oops” that I am sure that Red Hat would like to forget about to your attention.

As always, it was targeting the company directly, but their customer base instead. Red Hat users received strange emails from “phishermen” here recently. People, by now most people that are Red Hat users ought to realize that anyone using this distro will not receive emails asking for account information. I think this is just common sense.

Red Hat Inc. sent users a warning today about a fake email that asked users to install a patch for a vulnerability in fileutils (ls and mkidir). The patch was actually a file that could allow a remote attacker to execute arbitrary code with root privileges in some Red Hat Linux distributions.

The attack arrived in the form of phishing scam from the fake email address “security@redhat.com” and was first spotted late Friday. The heading of the email read “Red Hat: Buffer Overflow in ‘ls’ and mk’dir’” and contained instructions on how to install a patch that Red Hat said may contain malicious code.