Linux Phishing Attack Circulates on Net
Posted by malebolgia on 21 November 2004 - 00:55 · 32 comments & 3499 views
About the Author
Full name: Unknown
Forum name:
malebolgia
Contact: via forum PM
Submissions: Normal · Headline
Full name: Unknown
Forum name:
malebolgiaContact: via forum PM
Submissions: Normal · Headline
Slashdot It!
Submit to reddit
Submit to blinklist
Bookmark on del.icio.us
Add to furl
Share on Facebook
Add to Windows Live
Add to Google- Advertisement
-
-
(1 reply)
#1 Posted by M2Ys4U on 21 Nov 2004 - 00:57
- I could have swarn I saw this a month or two ago.
Maybe it was something similar -
#1.1 Posted by roadwarrior on 21 Nov 2004 - 21:42
- Third sentence of the post:
"The message and its "patch" were the return of a phishing hoax aimed at Linux users."
-
#2 Posted by markjensen on 21 Nov 2004 - 01:06
- I think it made the news again because eWeek originally posted the story saying that there was an email from Red Hat identifying the exploit. eWeek printed the story, thinking it was real.
-
#3 Posted by M2Ys4U on 21 Nov 2004 - 01:22
- oh, maybe.
I would search for it but I can't be bothered
-
(5 replies)
#4 Posted by Jugalator on 21 Nov 2004 - 01:27
- In other phishing-related things, I've got a lot of PayPal stuff recently. Like "your PayPal account needs to be reactivated", "we have discovered a vulnerability in PayPal and need you to verify you aren't at risk", and so on. The funny part is all links in the body are plaintext and points to the correct paypal.com domain so I wonder what they're trying to get from me. Haven't clicked, but it all seem to be legitimate links.
I did notice there's a picture in the mails that don't get viewed though so it could be not to scam you but to verify the mail address is working as your mail client views the picture. Fortunately, both Outlook 2003 and other services like Gmail don't by default. -
#4.1 Posted by WindowsNT on 21 Nov 2004 - 09:36
- The link may appear to be genuine but the HTML under the link is different and would point so somewhere else. All you have to do is right click and view source.
Bare in mind legitimate companies would not send such e-mails. -
#4.2 Posted by Jugalator on 21 Nov 2004 - 14:35
- No, as I said, the links are plaintext.
The links aren't even clickable.
Excerpts:
"To update your PayPalŪ records click on the following link:
http://www.paypal.com/cgi-bin/webscr?cmd=_login-run"
"Visit our Privacy Policy and User Agreement if you have any questions.
http://www.paypal.com/cgi-bin/webscr?cmd=p/gen/ua/policy_privacy-outside"
"Please click on the link below to confirm your information:
https://www.paypal.com/authcheck/secure/bill.html?sl=(then some code follows)"
How could that do any harm? Again, this is not anchor tags in HTML.
I'm not even using PayPal at the moment and I seriously doubt they need me to suddenly start clicking links. But the confusing part is that they lead to their own site. I still believe it's an inserted image in the mails for spammers to confirm my address is working. -
#4.3 Posted by roadwarrior on 21 Nov 2004 - 21:45
- Are you sure that it's not your e-mail program stripping out the HTML and graphics? If that is the case, you would only see the part of the links that were visible in the original message, but not the true links behind them.
-
#4.4 Posted by insurektion on 22 Nov 2004 - 07:48
- http://www.paypal.com
-
#4.5 Posted by raid517 on 22 Nov 2004 - 13:08
- Your citibank account is overdrawn, please login and confirm your details.
https://web.da-us.citibank.com/cgi-bin/citi...ogin2/login.jsp
-
#5 Posted by emel on 21 Nov 2004 - 03:10
- hmm.. I bet these are one of those 4 million apm bill gates recieve.. his special spam filtering filters them and redirect to mass users..
-
#6 Posted by kyro on 21 Nov 2004 - 03:31
- i think ballmer sended this phishing mails.
-
#7 Posted by mr_da3m0n on 21 Nov 2004 - 05:22
- I already saw this somewhere....
-
(5 replies)
#8 Posted by Lokheed on 21 Nov 2004 - 05:38
- LOL, who do they think we are to fall for something like this? Windows users? If you know how to apply a patch, you are going to know if its legit or not...
Its like trying to hand a bank a counterfeit... -
#8.1 Posted by Dirtie on 21 Nov 2004 - 10:53
- Must try that some time. It would be the ultimate humiliation for them if you pulled it off.
-
#8.2 Posted by M2Ys4U on 21 Nov 2004 - 14:16
- some dude actually cashed a fake check from some promotion company for $1 mil or whatever. And it cleared
-
#8.3 Posted by MR_Candyman on 21 Nov 2004 - 17:21
- Well, with the influx of people just starting to learn to use linux, they could have killed off a bunch of noobs. Anybody else though would have never installed this.
-
#8.4 Posted by Lokheed on 21 Nov 2004 - 18:38
- Dirtie, why would I want to humiliate the Linux community. I want to help it not hurt it. Open Source stands for more than that, and I am proud to be part of it.
Thats the funny thing, you dont find idiot script kiddies and pathetic, misguided, gui making, one click, virus making, kids using Linux.
No need to get Penguin-Patriotic-
(5 replies)
#9 Posted by EduardValencia on 21 Nov 2004 - 21:26
- heheh it's better not to start a flame war
anyways the security holes aren't often in linux platform -
#9.1 Posted by roadwarrior on 21 Nov 2004 - 21:47
- Even here there isn't a security hole "in" Linux, it's in the space between the chair and the keyboard (and that's always the worst kind of security hole).
-
#9.2 Posted by EduardValencia on 21 Nov 2004 - 21:49
- indeed
-
#9.3 Posted by nemesis89 on 22 Nov 2004 - 11:47
- um dude....linux has quite a lot of bugs in it....the thing is that as linux is open-source the bugs get fixed before they even get reported...and sometimes linux companies wont even report the bugs...
-
#9.4 Posted by Magallanes on 22 Nov 2004 - 19:21
QUOTE Even here there isn't a security hole "in" Linux, it's in the space between the chair and the keyboard (and that's always the worst kind of security hole).
I hate fanboys
If not exists security holes then WHY exists security patchs in linux?.
-
#9.5 Posted by mgleason007 on 23 Nov 2004 - 15:40
- [QUOTE]I hate fanboys
If not exists security holes then WHY exists security patchs in linux?.[/QUOTE]
I hate people who can't read. He said "here there isn't a security hole." Meaning this particular story. The only problem would be the user that installs a bad patch. PEBCAK. He even said that. How the hell did you even come to the conclusion from his post that there's no security holes in Linux?
-
#10 Posted by PseudoRandomDragon on 21 Nov 2004 - 22:17
- This just in:
It has been confirmed that anyone using Linux who is dumb enough to fall for this is vulnerable. The infection rate can scale to a maximum of two people.
-
(2 replies)
#11 Posted by johnathonm on 22 Nov 2004 - 00:28
- Linux users should all join the pen15 club. To join just write pen15 in all caps on your hand or add it to your various online profiles.
Last edited by 11358 on 22 Nov 2004 - 00:38 -
#11.1 Posted by Arcticflare on 22 Nov 2004 - 00:57
- It sounds like only users with a malfunction in their I.D. 10-T filter are affected by this vulnerability.
-
#12 Posted by johnathonm on 22 Nov 2004 - 02:50
- My 10-T filter was only set to 9-I. Goddamn... I figure that I'll have to go reboot my flux capacitor and step back into 1970...yeah those were the days. Telnet sessions and no gui - ballsy times. Oh crap...this isn't 1970 it's 2004 and all the system V variants that have arisen...
-
#13 Posted by raid517 on 22 Nov 2004 - 13:13
- You can't patch against scammers. You also can't patch against idiots.
GJ
-
#14 Posted by johnathonm on 23 Nov 2004 - 02:10
- Reb00t da flux capacitor!
A security bulletin circulated on the Internet late Friday and warned Linux users of a "critical-critical" security hole that could compromise systems and allow root access to a remote attacker. The message and its "patch" were the return of a phishing hoax aimed at Linux users.
According to the fake security bulletin, the vulnerability was found in fileutils, the package of essential system utilities that manipulate files on a system. It warned of problem distributions including Red Hat versions 7.2 through 9.0, and Fedora Core 1 and Core 2 as well as others. However, the warning said BSD and Solaris platforms were unaffected by the vulnerability.
Cont...
"Natural challenges with finalizing all the key features and localization issues across worldwide territories have led to the difficult choice of pushing back the release date," SCEA said in a statement, "in order to ensure that Gran Turismo 4 lives up to the exacting standards of the 36 million-plus fans worldwide that have purchased previous versions."
The delay leaves egg on the face of Sony, who only last week held a high profile party in Tokyo to celebrate the "completion" of the game, and which previously removed the much-vaunted online functionality from the title in order to ensure that it came out in time for Christmas.
There's some speculation that this fresh delay - which may also have a knock-on impact on the launch date of the European version, which had already been delayed into Q1 2005 - will give the firm time to reintegrate the online component, but Sony has so far not commented on this possibility, and is still officially planning to launch a separate online-enabled Gran Turismo product later next year.