11/1: Fakepatch-A an ELF Executable

November 1, 2004

Elf_Fakepatch.A is an ELF executable that arrives on a system via email. The email contains the following text:

Dear RedHat user,

Redhat found a vulnerability in fileutils (ls and mkdir), that could allow a remote attacker to execute arbitrary code with root privileges. Some of the affected linux distributions include RedHat 7.2, RedHat 7.3, RedHat 8.0, RedHat 9.0, Fedora CORE 1, Fedora CORE 2 and not only. It is known that *BSD and Solaris platforms are NOT affected. The RedHat Security Team strongly advises you to immediately apply the fileutils-1.0.6 patch. This is a critical-critical update that you must make by following these steps:

  • First download the patch from the Security RedHat mirror: wget
  • Untar the patch: tar zxvf
  • cd
  • make
  • */inst

Again, please apply this patch as soon as possible or you risk your system and others' to be compromised.

Thank you for your prompt attention to this serious matter,

RedHat Security Team.

(Note: The download site named in the email is currently unavailable.)

The executable retrieves network configuration and system information and saves them in the file mama. It then sends that file to a specific email address.

This ELF executable runs on Linux.

Technical details can be found on the Trend Micro page.
