This e-mail has been frozen in our e-mail system. It has now been released. We apologies for the delay caused. Postmasterat_private ----- Original Message ----- From: "James W. Abendschan" <jwaat_private> To: "Konrad Rieck" <krat_private> Cc: <incidentsat_private> Sent: Wednesday, December 05, 2001 8:34 AM Subject: Re: linux 'zoot' rootkit/DoSkit/etc > On Mon, 3 Dec 2001, Konrad Rieck wrote: > > I don't believe this toolkit of trojans is called "zoot". Every RedHat > > Linux release goes with a unique name and *suprise* RedHat Linux 6.2 is > > titled "zoot" and for example RedHat Linux 7.2 is called "enigma". > > a few files were tagged with 'zoot' -- /sbin/zoot.sshd, /sbin/zoot.snfd, > /sbin/zoot.sshd-conf, /sbin/zoot.telnetd. Plus, there was quite a > cache of files in /usr/src/zoot/. Thus the proposed name :) > > Was it called 'zoot' because it only works on RH 6.2? Was it > a weak play on 'root' ? does 'zoot' mean 'w00t' in Romanian? Who > knows .. > > James > > > > -------------------------------------------------------------------------- -- > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com > <FONT SIZE=1 FACE="VERDANA,ARIAL" COLOR=BLUE> ------------------------------------------------------- QAS Ltd. Developers of QuickAddress Software <a href="http://www.qas.com">www.qas.com</a> Registered in England: No 2582055 Registered in Australia: No 082 851 474 ------------------------------------------------------- </FONT>
This archive was generated by hypermail 2b30 : Fri Dec 07 2001 - 11:04:27 PST