23rd October 2004
Red Hat has been made aware that emails are circulating that pretend to come from the Red Hat Security Team. These emails tell users to download and run an update from a user's home directory. This fake update appears to contain malicious code. Official messages from the Red Hat security team are never sent unsolicited, are always sent from the address secalert@redhat.com, and are digitally signed with GPG. All official updates for Red Hat products are digitally signed and should not be installed unless they are correctly signed and the signature is verified. For more details see www.redhat.com/security/team/key.html.
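As an added example (not part of Red Hat's advisory or tooling), the shell functions below accept a GPG-signed message only when the signature is valid and was made by a key fingerprint pinned in advance, using GnuPG's machine-readable `--status-fd` output. The fingerprint is a placeholder and the function names are illustrative assumptions.

```shell
#!/bin/sh
# A "good signature" alone proves nothing: anyone can create a key and sign
# a forged advisory with it. The check must also confirm WHICH key signed.

# Placeholder, NOT a real fingerprint. Replace it with the fingerprint
# published at www.redhat.com/security/team/key.html, confirmed out of band.
PINNED_FPR="0000000000000000000000000000000000000000"

# check_gpg_status FINGERPRINT
# Reads `gpg --status-fd` lines on stdin. Returns 0 only if a VALIDSIG line
# names FINGERPRINT as the signing key or its primary key, and no signature
# in the input is bad, unverifiable, or made by an expired or revoked key.
check_gpg_status() {
    # Normalise the pinned value: strip spaces, upper-case the hex digits.
    want=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    [ -n "$want" ] || return 1
    ok=1
    while read -r tag kw f1 rest; do
        [ "$tag" = "[GNUPG:]" ] || continue
        case "$kw" in
            BADSIG|ERRSIG|EXPKEYSIG|REVKEYSIG)
                return 1 ;;          # fail closed on any problem signature
            VALIDSIG)
                # f1 is the signing key fingerprint; the last field, when
                # present, is the fingerprint of its primary key.
                primary=${rest##* }
                if [ "$f1" = "$want" ] || [ "$primary" = "$want" ]; then
                    ok=0
                fi ;;
        esac
    done
    return $ok
}

# verify_signed SIGNED_FILE            (clearsigned message)
# verify_signed SIGNATURE DATA_FILE    (detached signature)
# Status lines go to stdout for parsing; gpg's human-readable text is dropped.
verify_signed() {
    gpg --status-fd 1 --verify "$@" 2>/dev/null | check_gpg_status "$PINNED_FPR"
}
```

For packages, `rpm -K package.rpm` checks the package signature against keys previously imported with `rpm --import`.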
References:
- http://www.redhat.com/security/
- http://linuxtoday.com/security/2004102500826SCRHSW
- http://www.redhat.com/archives/fedora-list/2004-October/msg04846.html
- http://www.newsfactor.com/story.xhtml?story_id=27861