
11/08/2004 Archived Entry: Linux "social engineering" attacks

A sign of the times: crackers are starting to target Linux users.

Two weeks ago there was an attempt at "social engineering": a widely distributed email encouraged Red Hat Linux users to download a security patch from the bogus website www.fedora-redhat.com. This domain name is not owned by Red Hat and is not part of the Fedora project, but it certainly sounds plausible, and some users might have been fooled. Remember, don't trust web sites that appear in emails. Always type the URL yourself. In this case, a trip to the real Red Hat website, www.redhat.com, would have revealed that there is no security alert. (I gather that the bogus website has now been taken down.)

Now there's a new attack which attempts to get you to install a backdoor on your Linux system. This one pretends to be a program to let you break into Windows computers. Chances are that no one reading this blog desires to become a "cracker," so you probably wouldn't have the slightest interest in running this program. But if you did, it would give the attacker remote access to your Linux machine.

What's noteworthy about these two attacks is that they're both "Trojan Horse" attacks -- they try to trick you into installing the program onto your computer yourself. This is done through "social engineering" -- playing on the psychology of the end user -- hoping in the one case that you're a security-conscious but slightly unsophisticated Red Hat user, and in the second case that you have an unscrupulous desire to crack Windows machines. Unlike many Windows attacks, these programs don't use weaknesses in the operating system; they exploit weaknesses in the user.

The only defense against Trojan attacks is to get educated, be suspicious, and play safe. Don't blindly trust URLs sent in an email. Don't download software from an untrusted source. Make sure you know the real URL of all critical web sites, and type it yourself (or use your own bookmarks). When you get an advisory apparently from a vendor, bank, credit card company, PayPal, or eBay, go yourself to their web site and verify that the advisory is for real.
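As an added illustration (not part of the original post), here is a small Python check that applies the rule above mechanically: a link counts as trusted only if its host is exactly one of the vendor domains you already know, or a subdomain of one; a host that merely contains a vendor's name, like www.fedora-redhat.com, is flagged as a lookalike. The allowlist is a constructed assumption standing in for your own bookmarks.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): the vendor domains the reader already
# knows, equivalent to the bookmarks the post recommends keeping.
TRUSTED_DOMAINS = {"redhat.com", "fedoraproject.org"}


def host_under_trusted(host, trusted):
    """True only if host IS a trusted domain or a proper subdomain of one.

    A plain substring test would wrongly accept fedora-redhat.com, so the
    check requires an exact match or a match on a full label boundary.
    """
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted)


def classify_link(url, trusted=TRUSTED_DOMAINS):
    """Return 'trusted', 'lookalike', 'untrusted' or 'invalid' for a URL.

    The host is taken from the parsed URL, so tricks such as
    http://redhat.com@evil.example/ are judged on evil.example, the host
    the browser would actually contact, not on the text before the '@'.
    """
    if "://" not in url:
        url = "http://" + url  # bare hostnames as they appear in mail
    host = urlsplit(url).hostname or ""
    if not host:
        return "invalid"
    if host_under_trusted(host, trusted):
        return "trusted"
    # Lookalike: the host contains a trusted brand label (e.g. "redhat")
    # but is not under the trusted domain, exactly the fedora-redhat.com case.
    brand_labels = {d.split(".")[0] for d in trusted}
    if any(label in host.lower() for label in brand_labels):
        return "lookalike"
    return "untrusted"


if __name__ == "__main__":
    for link in ("https://www.redhat.com/security",
                 "www.fedora-redhat.com",
                 "http://www.redhat.com.evil.example/",
                 "http://redhat.com@evil.example/"):
        print(f"{link:45} -> {classify_link(link)}")
```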

brad
