11/1: Fakepatch-A an Elf Executable

November 1, 2004

Elf_Fakepatch.A is an ELF executable that arrives on a system via email. The email contains the following text:

Dear RedHat user,

Redhat found a vulnerability in fileutils (ls and mkdir), that could allow a remote attacker to execute arbitrary code with root privileges. Some of the affected linux distributions include RedHat 7.2, RedHat 7.3, RedHat 8.0, RedHat 9.0, Fedora CORE 1, Fedora CORE 2 and not only. It is known that *BSD and Solaris platforms are NOT affected. The RedHat Security Team strongly advises you to immediately apply the fileutils-1.0.6 patch. This is a critical-critical update that you must make by following these steps:

  • First download the patch from the Security RedHat mirror: wget
  • Untar the patch: tar zxvf
  • cd
  • make
  • */inst

Again, please apply this patch as soon as possible or you risk your system and others' to be compromised.

Thank you for your prompt attention to this serious matter,

RedHat Security Team.

(Note: The site referenced in the email is currently unavailable.)

Once run, the executable retrieves network configuration and system information and saves them in a file named mama. It then sends that file to a specific email address.

This ELF executable runs on Linux.

Technical details can be found on the Trend Micro page.
