Now it's their turn to suffer.
Over the last several days, Linux users have been targeted by a phony email claiming to be from the Red Hat Security Team, claiming that a vulnerability in fileutils-1.0.6 could "allow a remote attacker to execute arbitrary code with root privileges." The email tells people to download a patch to fix the problem.
The patch, of course, contains malicious code that compromises the system it's run on.
Linux users: Welcome to my world.
This kind of thing is old hat to PC users. Just this morning, for example, I received four phony emails purporting to be from eBay and PayPal, but which were really phishing exploits.
Linux users are going to have to get used to this kind of thing. They'll have to learn to be suspicious of any email they receive, and pay as much attention as possible to keeping their system patched - using only legitimate patches, of course.
In a way, this security exploit may be a backhand compliment to those who use Linux. They should figure that if malware writers have finally taken notice of them, it means that they've finally arrived.
Preston Gralla is the author of Windows Vista in a Nutshell, the Windows Vista Pocket Reference, and is the editor of WindowsDevCenter.com. He is also the author of Internet Annoyances, PC Pest Control, Windows XP Power Hound, and Windows XP Hacks, Second Edition, and co-author of Windows XP Cookbook. He has written more than 30 other books.
oreillynet.com Copyright © 2006 O'Reilly Media, Inc.