Re: linux 'zoot' rootkit/DoSkit/etc

From: James W. Abendschan (jwaat_private)
Date: Wed Dec 05 2001 - 00:34:34 PST

Next message: Przemyslaw Frasunek: "Re: Attacks against SSH?"

Previous message: Nate Campi: "Re: slowish ssh scan from 149.69.85.65"
In reply to: Konrad Rieck: "Re: linux 'zoot' rootkit/DoSkit/etc"
Next in thread: Postmaster: "Re: linux 'zoot' rootkit/DoSkit/etc"
Next in thread: Fredrik Ostergren: "Re: linux 'zoot' rootkit/DoSkit/etc"
Reply: Postmaster: "Re: linux 'zoot' rootkit/DoSkit/etc"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 3 Dec 2001, Konrad Rieck wrote:
> I don't believe this toolkit of trojans is called "zoot".  Every RedHat
> Linux release goes with a unique name and *suprise* RedHat Linux 6.2 is
> titled "zoot" and for example RedHat Linux 7.2 is called "enigma".

a few files were tagged with 'zoot'  -- /sbin/zoot.sshd, /sbin/zoot.snfd,
/sbin/zoot.sshd-conf, /sbin/zoot.telnetd.  Plus, there was quite a
cache of files in /usr/src/zoot/.  Thus the proposed name :)

Was it called 'zoot' because it only works on RH 6.2?  Was it 
a weak play on 'root' ?  does 'zoot' mean 'w00t' in Romanian?  Who
knows ..

James

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Przemyslaw Frasunek: "Re: Attacks against SSH?"
Previous message: Nate Campi: "Re: slowish ssh scan from 149.69.85.65"
In reply to: Konrad Rieck: "Re: linux 'zoot' rootkit/DoSkit/etc"
Next in thread: Postmaster: "Re: linux 'zoot' rootkit/DoSkit/etc"
Next in thread: Fredrik Ostergren: "Re: linux 'zoot' rootkit/DoSkit/etc"
Reply: Postmaster: "Re: linux 'zoot' rootkit/DoSkit/etc"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Dec 05 2001 - 09:00:35 PST