Linux-Noob Forums
ip spoof and trojan reroutes - Printable Version

+- Linux-Noob Forums (https://www.linux-noob.com/forums)
+-- Forum: Linux Server Administration (https://www.linux-noob.com/forums/forum-8.html)
+--- Forum: Security and Firewalls (https://www.linux-noob.com/forums/forum-87.html)
+--- Thread: ip spoof and trojan reroutes (/thread-3100.html)

ip spoof and trojan reroutes - tek-69 - 2004-10-25


just thought i'd post this news article i found on google to let people know this kind of non-sense is goin on and to be careful.

 



Code:
Linux Users Spoofed By Bogus Security Alert   Oct. 25, 2004        



More Stories on:
Security
Industries
Administration


   
Unsuspecting Linux users were tricked into possibly downloading a virus.
By TechWeb News

 
   
Joining the ranks of Windows' users who have been victimized by spoofed security alerts, Linux users this weekend received bogus messages directing them to download updates that are in fact Trojan horses, Red Hat announced Saturday.

The E-mail, which carried the sender address of "security@redhat.com" and an initial subject head of "RedHat: Buffer Overflow in 'ls' and 'mkdir,'" instructs users to download and install a purported patch. In an advisory on its Web site, Red Hat warned that the "patch" is actually a Trojan designed to compromise systems.

"Official messages from the Red Hat security team are never sent unsolicited," said the company in its advisory, and "are always sent from the address 'secalert@redhat.com,' and are digitally signed."

After the initial spammed wave, said Finnish security firm F-Secure Corp., someone used phony information to register the domain "fedora-redhat.com," which is very close to "fedora.redhat.com," the official site of the Fedora Project, a free operating system supported by Red Hat.

The second spam run of Sunday directed recipients to fedora-redhat.com for the fix.

Early Monday, F-Secure noted that the supposed "patch" was no longer online. As of mid-morning Monday, the fedora-redhat.com site also was offline.

Windows users have been targeted several times with similar bogus security messages, most notably in 2003 when the Swen worm disguised itself as a patch attached to messages claiming to come from Microsoft.

This, however, is the first instance of the tactic applied to Linux users.






ip spoof and trojan reroutes - deraj - 2004-10-27

let's just hope not too many people fell victim to that ....


ip spoof and trojan reroutes - beej - 2004-12-20

Naw...most Linux users are smart enough to know not to "CLICK YES TO CONTINUE!"


ip spoof and trojan reroutes - hijinks - 2004-12-20


i did something like this 8-9 years ago. When I use to hack and hacking was getting "popular" I thought it would be funny to see how many people I could trick that wanted to try to hack their shell accounts. So what I did was code a fake FTP exploit in C that faked a login but really emailed me the user/pass and hostname.

 

I offered the file as a already compiled exploit and I was surprised how many people fell for it.



ip spoof and trojan reroutes - beej - 2004-12-20

Hehe. That's terrible. Hilarious, but terrible.


ip spoof and trojan reroutes - nzbm - 2004-12-27

Very terrible... ;)