Linux users are often smug about the state of their computer security, rightly criticizing Windows for its numerous security holes, but overlooking their own vulnerabilities.
Now it’s their turn to suffer.
Over the last several days, Linux users have been targeted by a phony email claiming to be from the Red Hat Security Team, claiming that a vulnerability in fileutils-1.0.6 could “allow a remote attacker to execute arbitrary code with root privileges.” The email tells people to download a patch to fix the problem.
The patch, of course, contains malicious code that compromises the system it’s run on.
Linux users: Welcome to my world.
This kind of thing is old hat to PC users. Just this morning, for example, I received four phony emails purporting to be from eBay and PayPal, but which were really phishing exploits.
Linux users are going to have to get used to this kind of thing. They’ll have to learn to be suspicious of any email they receive, and pay as much attention as possible to keeping their system patched - using only legitimate patches, of course.
In a way, this security exploit may be a backhand compliment to those who use Linux. They should figure that if malware writers have finally taken notice of them, it means that they’ve finally arrived.
What do you think about Linux (and Windows) security? Let me know.