Security Incidents mailing list archives
linux 'zoot' rootkit/DoSkit/etc
From: "James W. Abendschan" <jwa () jammed com>
Date: Mon, 3 Dec 2001 00:01:52 -0800 (PST)
A RedHat Linux 6.2 box (**far** outside of my care) had some interesting things done to it-- missing binaries and a nonexistent RPM database, among other oddities. Closer examination revealed a happy little toolkit (aptly named 'zoot') which included the typical mishmash of trojan programs, IRC bots, DoS tools, LKM, sniffer, etc., etc. I searched the incidents archives & I didn't see 'zoot' mentioned anywhere; apolgies if this is already known. However, at least one other person has seen artifacts of this: http://www.mail-archive.com/isp-tech () isp-tech com/msg29988.html I tar'd up the obviously affected files; a list is below. Some excerpts: nimue:/tmp/zoot/usr/src/linux/arch/alpha/lib/.lib# cat .1proc 3 zoot.sshd 3 zoot.snfd 3 zoot.bnc 3 zoot.telnetd nimue:/tmp/zoot/usr/src/linux/arch/alpha/lib/.lib# cat .1addr 2 193.226.116 2 216.252.238 2 194.102.233 2 204.42.253 2 194.153 3 19 3 444 3 531 3 1898 3 1909 3 2646 4 6660 4 6669 4 6668 4 7000 4 6667 4 444 4 531 4 5000 4 1909 4 1646 4 19 For those interested in the tarball itself, after I sanitize it a bit (the sniffer log in particular) I can make it available. Drop me an email if you're interested. nimue:/tmp/zoot# find . -type f -ls 433280 232 -rwxr-xr-x 1 root root 232774 Apr 19 2001 ./sbin/zoot.sshd 433281 8 -rwxr-xr-x 1 root root 7022 Apr 19 2001 ./sbin/zoot.snfd 433282 4 -rw-r--r-- 1 root root 690 Nov 23 14:54 ./sbin/zoot.sshd-conf 433283 16 -rwxr-xr-x 1 root root 15454 Sep 27 08:04 ./sbin/zoot.telnetd 433291 4 -rwxr-xr-x 1 root root 176 Apr 20 2001 ./usr/src/linux/arch/alpha/lib/.lib/.1addr 433292 4 -rwxr-xr-x 1 root root 50 Apr 20 2001 ./usr/src/linux/arch/alpha/lib/.lib/.1proc 433365 620 -rw-r--r-- 1 root root 629574 Nov 25 22:16 ./usr/src/zoot/me/me.tar.gz 433366 4 -rw-r--r-- 1 root root 1 Nov 25 21:58 ./usr/src/zoot/me/LaGgeD.seen 433367 4 -rw-r--r-- 1 root root 896 Dec 2 15:34 ./usr/src/zoot/me/LinkEvents 433368 4 -rw-r--r-- 1 root root 570 Dec 2 22:00 ./usr/src/zoot/me/bot.usr 433369 4 -rw-r--r-- 1 root root 120 Nov 25 22:07 ./usr/src/zoot/me/bot1.seen 433370 4 -rwx------ 1 root root 942 Oct 9 2000 ./usr/src/zoot/me/checkmech 433371 24 -rw------- 1 root root 22935 Oct 9 2000 ./usr/src/zoot/me/mech.help 433372 4 -rw-r--r-- 1 root root 1085 Dec 2 22:00 ./usr/src/zoot/me/mech.levels 433373 4 -rw------- 1 root root 6 Nov 25 23:45 ./usr/src/zoot/me/mech.pid 433374 4 -rw-r--r-- 1 root root 3769 Nov 25 23:44 ./usr/src/zoot/me/mech.set 161917 8 -rw------- 1 root root 5195 Oct 9 2000 ./usr/src/zoot/me/randfiles/randaway.e 161918 4 -rw------- 1 root root 3982 Oct 9 2000 ./usr/src/zoot/me/randfiles/randinsult.e 161919 4 -rw------- 1 root root 830 Oct 9 2000 ./usr/src/zoot/me/randfiles/randkicks.e 161920 4 -rw------- 1 root root 519 Oct 9 2000 ./usr/src/zoot/me/randfiles/randnicks.e 161937 4 -rw------- 1 root root 2495 Oct 9 2000 ./usr/src/zoot/me/randfiles/randpickup.e 161938 60 -rw------- 1 root root 55316 Oct 9 2000 ./usr/src/zoot/me/randfiles/randsay.e 161944 4 -rw------- 1 root root 633 Oct 9 2000 ./usr/src/zoot/me/randfiles/randsignoff.e 161949 4 -rw------- 1 root root 1465 Oct 9 2000 ./usr/src/zoot/me/randfiles/randversions.e 161951 4 -rw------- 1 root root 3002 Oct 9 2000 ./usr/src/zoot/me/src/Makefile.in 161952 8 -rw------- 1 root root 8143 Feb 26 2001 ./usr/src/zoot/me/src/config.h.in 161954 8 -rw------- 1 root root 4508 Oct 9 2000 ./usr/src/zoot/me/src/defines.h 161955 12 -rw------- 1 root root 12044 Feb 26 2001 ./usr/src/zoot/me/src/global.h 161958 16 -rw------- 1 root root 15681 Feb 26 2001 ./usr/src/zoot/me/src/h.h 162034 12 -rw------- 1 root root 8264 Feb 26 2001 ./usr/src/zoot/me/src/structs.h 162035 8 -rw------- 1 root root 5001 Feb 27 2001 ./usr/src/zoot/me/src/usage.h 162036 4 -rw------- 1 root root 3020 Mar 9 2001 ./usr/src/zoot/me/src/Makefile 162037 12 -rw------- 1 root root 8248 Mar 9 2001 ./usr/src/zoot/me/src/config.h 162038 56 -rwxr-xr-x 1 root root 50942 Mar 9 2001 ./usr/src/zoot/me/src/gencmd 162039 12 -rw-r--r-- 1 root root 12126 Mar 9 2001 ./usr/src/zoot/me/src/mcmd.h 162040 72 -rw-r--r-- 1 root root 66072 Mar 9 2001 ./usr/src/zoot/me/src/cfgfile.o 162041 76 -rw-r--r-- 1 root root 73416 Mar 9 2001 ./usr/src/zoot/me/src/channel.o 162042 92 -rw-r--r-- 1 root root 86044 Mar 9 2001 ./usr/src/zoot/me/src/com-ons.o 162044 68 -rw-r--r-- 1 root root 61508 Mar 9 2001 ./usr/src/zoot/me/src/combot.o 162045 112 -rw-r--r-- 1 root root 106896 Mar 9 2001 ./usr/src/zoot/me/src/commands.o 162046 56 -rw-r--r-- 1 root root 50720 Mar 9 2001 ./usr/src/zoot/me/src/dcc.o 162047 64 -rw-r--r-- 1 root root 60736 Mar 9 2001 ./usr/src/zoot/me/src/debug.o 162048 72 -rw-r--r-- 1 root root 69216 Mar 9 2001 ./usr/src/zoot/me/src/function.o 162049 96 -rw-r--r-- 1 root root 91440 Mar 9 2001 ./usr/src/zoot/me/src/link.o 162050 80 -rw-r--r-- 1 root root 75612 Mar 9 2001 ./usr/src/zoot/me/src/main.o 162052 76 -rw-r--r-- 1 root root 72424 Mar 9 2001 ./usr/src/zoot/me/src/parse.o 162053 56 -rw-r--r-- 1 root root 50208 Mar 9 2001 ./usr/src/zoot/me/src/socket.o 162054 76 -rw-r--r-- 1 root root 69852 Mar 9 2001 ./usr/src/zoot/me/src/userlist.o 162055 48 -rw-r--r-- 1 root root 46868 Mar 9 2001 ./usr/src/zoot/me/src/vars.o 162056 84 -rw-r--r-- 1 root root 81868 Mar 9 2001 ./usr/src/zoot/me/src/xmech.o 433375 464 -rwxr-xr-x 1 root root 469509 Mar 9 2001 ./usr/src/zoot/me/sendmail 433376 96 -rw-r--r-- 1 root root 90855 Dec 2 22:40 ./usr/src/zoot/me/Xelar.seen 433377 4 -rw-r--r-- 1 root root 511 Dec 2 22:00 ./usr/src/zoot/me/mech.session 433378 4 -rw-r--r-- 1 root root 1149 Mar 24 2001 ./usr/src/zoot/Makefile 239170 20 -rw-r--r-- 1 root root 18124 Oct 28 2000 ./usr/src/zoot/ps/CHANGES 239171 20 -rw------- 1 root root 17982 May 15 1997 ./usr/src/zoot/ps/COPYING 240063 4 -rw-r--r-- 1 root root 2660 Aug 8 2000 ./usr/src/zoot/ps/FAQ 241994 4 -rw-r--r-- 1 root root 394 Oct 28 2000 ./usr/src/zoot/ps/Makefile 241995 36 -rw-r--r-- 1 root root 36075 Oct 28 2000 ./usr/src/zoot/ps/README 241996 4 -rw-r--r-- 1 root root 76 Oct 28 2000 ./usr/src/zoot/ps/TODO 433380 4 -rw-r--r-- 1 root root 315 Dec 3 1999 ./usr/src/zoot/ps/help/ADDLOG.TXT 433381 4 -rw-r--r-- 1 root root 361 Dec 3 1999 ./usr/src/zoot/ps/help/DELLOG.TXT 433382 4 -rw-r--r-- 1 root root 183 Dec 3 1999 ./usr/src/zoot/ps/help/LISTLOGS.TXT 433383 4 -rw-r--r-- 1 root root 1465 Dec 3 1999 ./usr/src/zoot/ps/help/PLAYTRAFFICLOG.TXT 433384 4 -rw-r--r-- 1 root root 279 Dec 3 1999 ./usr/src/zoot/ps/help/PROXY.TXT 433385 4 -rw-r--r-- 1 root root 250 Dec 3 1999 ./usr/src/zoot/ps/help/SETLEAVEMSG.TXT 433386 4 -rw-r--r-- 1 root root 282 Dec 3 1999 ./usr/src/zoot/ps/help/SETAWAYNICK.TXT 433387 4 -rw-r--r-- 1 root root 339 Dec 3 1999 ./usr/src/zoot/ps/help/ADDAUTOOP.TXT 433388 4 -rw-r--r-- 1 root root 234 Dec 3 1999 ./usr/src/zoot/ps/help/DELAUTOOP.TXT 433389 4 -rw-r--r-- 1 root root 223 Dec 3 1999 ./usr/src/zoot/ps/help/LISTAUTOOPS.TXT 433393 4 -rw-r--r-- 1 root root 146 Dec 3 1999 ./usr/src/zoot/ps/help/ACOLLIDE.TXT 433396 4 -rw-r--r-- 1 root root 593 Dec 3 1999 ./usr/src/zoot/ps/help/ADDALLOW.TXT 433397 4 -rw-r--r-- 1 root root 416 Dec 3 1999 ./usr/src/zoot/ps/help/ADDASK.TXT 433398 4 -rw-r--r-- 1 root root 236 Dec 3 1999 ./usr/src/zoot/ps/help/ADDBAN.TXT 433399 4 -rw-r--r-- 1 root root 445 Dec 3 1999 ./usr/src/zoot/ps/help/ADDDCC.TXT 433400 4 -rw-r--r-- 1 root root 955 Dec 3 1999 ./usr/src/zoot/ps/help/ADDNETWORK.TXT 433401 4 -rw-r--r-- 1 root root 434 Dec 3 1999 ./usr/src/zoot/ps/help/ADDOP.TXT 433402 4 -rw-r--r-- 1 root root 264 Dec 3 1999 ./usr/src/zoot/ps/help/ADDSERVER.TXT 433403 4 -rw-r--r-- 1 root root 412 Dec 3 1999 ./usr/src/zoot/ps/help/ADDUSER.TXT 433404 4 -rw-r--r-- 1 root root 114 Dec 3 1999 ./usr/src/zoot/ps/help/BCONNECT.TXT 433405 4 -rw-r--r-- 1 root root 22 Dec 3 1999 ./usr/src/zoot/ps/help/BHELP.TXT 433406 4 -rw-r--r-- 1 root root 105 Dec 3 1999 ./usr/src/zoot/ps/help/BKILL.TXT 433407 4 -rw-r--r-- 1 root root 136 Dec 3 1999 ./usr/src/zoot/ps/help/BQUIT.TXT 433408 4 -rw-r--r-- 1 root root 259 Dec 3 1999 ./usr/src/zoot/ps/help/BWHO.TXT 433409 4 -rw-r--r-- 1 root root 189 Dec 3 1999 ./usr/src/zoot/ps/help/DELALLOW.TXT 433410 4 -rw-r--r-- 1 root root 241 Dec 3 1999 ./usr/src/zoot/ps/help/DELASK.TXT 433411 4 -rw-r--r-- 1 root root 183 Dec 3 1999 ./usr/src/zoot/ps/help/DELBAN.TXT 433412 4 -rw-r--r-- 1 root root 213 Dec 3 1999 ./usr/src/zoot/ps/help/DELDCC.TXT 433413 4 -rw-r--r-- 1 root root 329 Dec 3 1999 ./usr/src/zoot/ps/help/DELENCRYPT.TXT 433462 4 -rw-r--r-- 1 root root 152 Dec 3 1999 ./usr/src/zoot/ps/help/DELLINK.TXT 433463 4 -rw-r--r-- 1 root root 92 Dec 3 1999 ./usr/src/zoot/ps/help/DELNETWORK.TXT 433464 4 -rw-r--r-- 1 root root 268 Dec 3 1999 ./usr/src/zoot/ps/help/DELOP.TXT 433465 4 -rw-r--r-- 1 root root 350 Dec 3 1999 ./usr/src/zoot/ps/help/DELSERVER.TXT 433466 4 -rw-r--r-- 1 root root 342 Dec 3 1999 ./usr/src/zoot/ps/help/DELTRANSLATE.TXT 433467 4 -rw-r--r-- 1 root root 149 Dec 3 1999 ./usr/src/zoot/ps/help/DELUSER.TXT 433468 4 -rw-r--r-- 1 root root 673 Dec 3 1999 ./usr/src/zoot/ps/help/ENCRYPT.TXT 433469 4 -rw-r--r-- 1 root root 235 Dec 3 1999 ./usr/src/zoot/ps/help/ERASEMAINLOG.TXT 433470 4 -rw-r--r-- 1 root root 279 Dec 3 1999 ./usr/src/zoot/ps/help/ERASEPRIVATELOG.TXT 433471 4 -rw-r--r-- 1 root root 280 Dec 3 1999 ./usr/src/zoot/ps/help/ERASETRAFFICLOG.TXT 433472 4 -rw-r--r-- 1 root root 472 Dec 3 1999 ./usr/src/zoot/ps/help/JUMP.TXT 433473 4 -rw-r--r-- 1 root root 438 Dec 3 1999 ./usr/src/zoot/ps/help/LINKFROM.TXT 433474 4 -rw-r--r-- 1 root root 541 Dec 3 1999 ./usr/src/zoot/ps/help/LINKTO.TXT 433475 4 -rw-r--r-- 1 root root 120 Dec 3 1999 ./usr/src/zoot/ps/help/LISTALLOW.TXT 433476 4 -rw-r--r-- 1 root root 164 Dec 3 1999 ./usr/src/zoot/ps/help/LISTASK.TXT 433477 4 -rw-r--r-- 1 root root 118 Dec 3 1999 ./usr/src/zoot/ps/help/LISTBANS.TXT 433478 4 -rw-r--r-- 1 root root 129 Dec 3 1999 ./usr/src/zoot/ps/help/LISTDCC.TXT 433479 4 -rw-r--r-- 1 root root 143 Dec 3 1999 ./usr/src/zoot/ps/help/LISTENCRYPT.TXT 433480 4 -rw-r--r-- 1 root root 174 Jul 30 2000 ./usr/src/zoot/ps/help/LISTLINKS.TXT 433481 4 -rw-r--r-- 1 root root 162 Dec 3 1999 ./usr/src/zoot/ps/help/LISTOPS.TXT 433482 4 -rw-r--r-- 1 root root 103 Dec 3 1999 ./usr/src/zoot/ps/help/LISTSERVERS.TXT 433483 4 -rw-r--r-- 1 root root 122 Dec 3 1999 ./usr/src/zoot/ps/help/MADMIN.TXT 433484 4 -rw-r--r-- 1 root root 223 Dec 3 1999 ./usr/src/zoot/ps/help/NAMEBOUNCER.TXT 433485 4 -rw-r--r-- 1 root root 324 Dec 3 1999 ./usr/src/zoot/ps/help/PASSWORD.TXT 433486 4 -rw-r--r-- 1 root root 222 Dec 3 1999 ./usr/src/zoot/ps/help/PLAYMAINLOG.TXT 433487 4 -rw-r--r-- 1 root root 271 Dec 3 1999 ./usr/src/zoot/ps/help/PLAYPRIVATELOG.TXT 433488 4 -rw-r--r-- 1 root root 262 Dec 3 1999 ./usr/src/zoot/ps/help/RELAYLINK.TXT 433489 4 -rw-r--r-- 1 root root 267 Dec 3 1999 ./usr/src/zoot/ps/help/SETAWAY.TXT 433490 4 -rw-r--r-- 1 root root 85 Dec 3 1999 ./usr/src/zoot/ps/help/SETUSERNAME.TXT 433491 4 -rw-r--r-- 1 root root 423 Dec 3 1999 ./usr/src/zoot/ps/help/SOCKSTAT.TXT 433492 4 -rw-r--r-- 1 root root 884 Dec 3 1999 ./usr/src/zoot/ps/help/TRANSLATE.TXT 433493 4 -rw-r--r-- 1 root root 109 Dec 3 1999 ./usr/src/zoot/ps/help/UNADMIN.TXT 433494 4 -rw-r--r-- 1 root root 250 Dec 3 1999 ./usr/src/zoot/ps/help/VHOST.TXT 433495 4 -rw-r--r-- 1 root root 403 Dec 4 1999 ./usr/src/zoot/ps/help/SETLINKKEY.TXT 433496 4 -rw-r--r-- 1 root root 531 Dec 4 1999 ./usr/src/zoot/ps/help/SETUSERKEY.TXT 433497 4 -rw-r--r-- 1 root root 195 Dec 4 1999 ./usr/src/zoot/ps/help/RELINK.TXT 433498 4 -rw-r--r-- 1 root root 152 Jul 30 2000 ./usr/src/zoot/ps/help/DCCCHAT.TXT 433499 4 -rw-r--r-- 1 root root 184 Jul 30 2000 ./usr/src/zoot/ps/help/DCCANSWER.TXT 433500 4 -rw-r--r-- 1 root root 200 Jul 30 2000 ./usr/src/zoot/ps/help/DCCSEND.TXT 433501 4 -rw-r--r-- 1 root root 244 Jul 30 2000 ./usr/src/zoot/ps/help/DCCGET.TXT 433502 4 -rw-r--r-- 1 root root 140 Jul 30 2000 ./usr/src/zoot/ps/help/DCCCANCEL.TXT 433503 4 -rw-r--r-- 1 root root 101 Dec 3 1999 ./usr/src/zoot/ps/help/BREHASH.TXT 433504 4 -rw-r--r-- 1 root root 68 Jul 31 2000 ./usr/src/zoot/ps/help/SRELOAD.TXT 433505 4 -rw-r--r-- 1 root root 107 Jul 31 2000 ./usr/src/zoot/ps/help/LISTTASKS.TXT 433506 4 -rw-r--r-- 1 root root 268 Aug 5 2000 ./usr/src/zoot/ps/help/SWITCHNET.TXT 433507 4 -rw-r--r-- 1 root root 240 Oct 14 2000 ./usr/src/zoot/ps/help/DCCENABLE.TXT 433508 4 -rw-r--r-- 1 root root 93 Oct 21 2000 ./usr/src/zoot/ps/help/AIDLE.TXT 433509 4 -rw-r--r-- 1 root root 128 Oct 21 2000 ./usr/src/zoot/ps/help/AUTOREJOIN.TXT 433510 4 -rw-r--r-- 1 root root 142 Oct 21 2000 ./usr/src/zoot/ps/help/LEAVEQUIT.TXT 224222 4 -rw-r--r-- 1 root root 70 Jul 17 2000 ./usr/src/zoot/ps/log/INFO 224223 8 -rw------- 1 root root 4444 Dec 2 17:05 ./usr/src/zoot/ps/log/psybnc.log 224716 0 -rw------- 1 root root 0 Nov 26 22:53 ./usr/src/zoot/ps/log/USER1.TRL 225977 0 -rw------- 1 root root 0 Nov 26 22:53 ./usr/src/zoot/ps/log/USER2.TRL 225978 0 -rw------- 1 root root 0 Dec 2 21:46 ./usr/src/zoot/ps/log/USER3.TRL 162062 4 -rw-r--r-- 1 root root 127 Jul 16 2000 ./usr/src/zoot/ps/menuconf/help/h101.txt 162063 4 -rw-r--r-- 1 root root 179 Jul 23 2000 ./usr/src/zoot/ps/menuconf/help/h102.txt 162064 4 -rw-r--r-- 1 root root 55 Jul 30 2000 ./usr/src/zoot/ps/menuconf/help/h103.txt 162066 4 -rw-r--r-- 1 root root 24 Jul 16 2000 ./usr/src/zoot/ps/menuconf/help/h104.txt 162067 4 -rw-r--r-- 1 root root 57 Jul 16 2000 ./usr/src/zoot/ps/menuconf/help/h106.txt 162068 4 -rw-r--r-- 1 root root 72 Jul 16 2000 ./usr/src/zoot/ps/menuconf/help/h107.txt 162069 4 -rw-r--r-- 1 root root 47 Jul 16 2000 ./usr/src/zoot/ps/menuconf/help/h105.txt 162070 4 -rw-r--r-- 1 root root 192 Jul 23 2000 ./usr/src/zoot/ps/menuconf/help/h201.txt 162071 4 -rw-r--r-- 1 root root 177 Jul 23 2000 ./usr/src/zoot/ps/menuconf/help/h202.txt 162072 4 -rw-r--r-- 1 root root 251 Jul 23 2000 ./usr/src/zoot/ps/menuconf/help/h204.txt 162073 4 -rw-r--r-- 1 root root 223 Jul 23 2000 ./usr/src/zoot/ps/menuconf/help/h203.txt 162074 4 -rw-r--r-- 1 root root 188 Jul 23 2000 ./usr/src/zoot/ps/menuconf/help/h206.txt 162075 4 -rw-r--r-- 1 root root 129 Jul 23 2000 ./usr/src/zoot/ps/menuconf/help/h205.txt 162076 4 -rw-r--r-- 1 root root 267 Jul 23 2000 ./usr/src/zoot/ps/menuconf/help/h207.txt 162077 4 -rw-r--r-- 1 root root 209 Jul 23 2000 ./usr/src/zoot/ps/menuconf/help/h208.txt 162078 4 -rw-r--r-- 1 root root 214 Jul 23 2000 ./usr/src/zoot/ps/menuconf/help/h209.txt 162079 4 -rw-r--r-- 1 root root 90 Jul 23 2000 ./usr/src/zoot/ps/menuconf/help/h210.txt 162080 4 -rw-r--r-- 1 root root 224 Jul 23 2000 ./usr/src/zoot/ps/menuconf/help/h211.txt 162081 4 -rw-r--r-- 1 root root 134 Jul 23 2000 ./usr/src/zoot/ps/menuconf/help/h212.txt 162082 4 -rw-r--r-- 1 root root 216 Jul 23 2000 ./usr/src/zoot/ps/menuconf/help/h213.txt 162083 4 -rw-r--r-- 1 root root 249 Jul 23 2000 ./usr/src/zoot/ps/menuconf/help/h214.txt 162084 4 -rw-r--r-- 1 root root 170 Jul 23 2000 ./usr/src/zoot/ps/menuconf/help/h215.txt 162085 4 -rw-r--r-- 1 root root 155 Jul 23 2000 ./usr/src/zoot/ps/menuconf/help/h216.txt 162086 4 -rw-r--r-- 1 root root 267 Jul 23 2000 ./usr/src/zoot/ps/menuconf/help/h217.txt 162087 4 -rw-r--r-- 1 root root 216 Jul 23 2000 ./usr/src/zoot/ps/menuconf/help/h218.txt 162088 4 -rw-r--r-- 1 root root 171 Jul 23 2000 ./usr/src/zoot/ps/menuconf/help/h501.txt 162089 4 -rw-r--r-- 1 root root 66 Jul 23 2000 ./usr/src/zoot/ps/menuconf/help/h502.txt 162090 4 -rw-r--r-- 1 root root 150 Jul 23 2000 ./usr/src/zoot/ps/menuconf/help/h503.txt 162091 4 -rw-r--r-- 1 root root 164 Jul 23 2000 ./usr/src/zoot/ps/menuconf/help/h504.txt 162128 4 -rw-r--r-- 1 root root 244 Jul 23 2000 ./usr/src/zoot/ps/menuconf/help/h505.txt 162129 4 -rw-r--r-- 1 root root 125 Jul 23 2000 ./usr/src/zoot/ps/menuconf/help/h301.txt 162130 4 -rw-r--r-- 1 root root 187 Jul 23 2000 ./usr/src/zoot/ps/menuconf/help/h302.txt 162131 4 -rw-r--r-- 1 root root 168 Jul 23 2000 ./usr/src/zoot/ps/menuconf/help/h303.txt 162132 4 -rw-r--r-- 1 root root 146 Jul 17 2000 ./usr/src/zoot/ps/menuconf/help/h304.txt 162133 4 -rw-r--r-- 1 root root 125 Jul 23 2000 ./usr/src/zoot/ps/menuconf/help/h305.txt 162134 4 -rw-r--r-- 1 root root 221 Jul 30 2000 ./usr/src/zoot/ps/menuconf/help/h601.txt 162135 4 -rw-r--r-- 1 root root 95 Jul 30 2000 ./usr/src/zoot/ps/menuconf/help/h306.txt 162136 4 -rw-r--r-- 1 root root 50 Jul 23 2000 ./usr/src/zoot/ps/menuconf/help/h701.txt 162137 4 -rw-r--r-- 1 root root 40 Jul 23 2000 ./usr/src/zoot/ps/menuconf/help/h702.txt 162138 4 -rw-r--r-- 1 root root 51 Jul 17 2000 ./usr/src/zoot/ps/menuconf/help/h703.txt 162139 4 -rw-r--r-- 1 root root 262 Jul 17 2000 ./usr/src/zoot/ps/menuconf/help/h704.txt 162140 4 -rw-r--r-- 1 root root 58 Jul 17 2000 ./usr/src/zoot/ps/menuconf/help/h705.txt 162141 4 -rw-r--r-- 1 root root 85 Jul 17 2000 ./usr/src/zoot/ps/menuconf/help/h706.txt 162142 4 -rw-r--r-- 1 root root 119 Jul 17 2000 ./usr/src/zoot/ps/menuconf/help/h707.txt 162143 4 -rw-r--r-- 1 root root 172 Jul 17 2000 ./usr/src/zoot/ps/menuconf/help/h708.txt 162144 4 -rw-r--r-- 1 root root 137 Jul 17 2000 ./usr/src/zoot/ps/menuconf/help/h709.txt 162145 4 -rw-r--r-- 1 root root 187 Jul 17 2000 ./usr/src/zoot/ps/menuconf/help/h710.txt 162146 4 -rw-r--r-- 1 root root 129 Jul 17 2000 ./usr/src/zoot/ps/menuconf/help/h711.txt 162147 4 -rw-r--r-- 1 root root 203 Jul 17 2000 ./usr/src/zoot/ps/menuconf/help/h712.txt 162148 4 -rw-r--r-- 1 root root 135 Jul 17 2000 ./usr/src/zoot/ps/menuconf/help/h713.txt 162149 4 -rw-r--r-- 1 root root 193 Jul 17 2000 ./usr/src/zoot/ps/menuconf/help/h714.txt 162150 4 -rw-r--r-- 1 root root 111 Jul 17 2000 ./usr/src/zoot/ps/menuconf/help/h716.txt 162151 4 -rw-r--r-- 1 root root 48 Aug 8 2000 ./usr/src/zoot/ps/menuconf/help/h219.txt 162152 4 -rw-r--r-- 1 root root 145 Jul 17 2000 ./usr/src/zoot/ps/menuconf/help/h715.txt 162153 4 -rw-r--r-- 1 root root 137 Jul 23 2000 ./usr/src/zoot/ps/menuconf/help/h220.txt 162154 4 -rw-r--r-- 1 root root 65 Aug 8 2000 ./usr/src/zoot/ps/menuconf/help/h221.txt 162176 1312 -rwxr-xr-x 1 root root 1336646 Oct 28 2000 ./usr/src/zoot/ps/menuconf/menuconf 447497 4 -rw-r--r-- 1 root root 99 Jul 17 2000 ./usr/src/zoot/ps/motd/INFO 447498 4 -rw------- 1 root root 1528 Nov 28 20:23 ./usr/src/zoot/ps/motd/USER1.MOTD 447499 4 -rw------- 1 root root 1480 Nov 26 22:55 ./usr/src/zoot/ps/motd/USER2.MOTD 447500 4 -rw------- 1 root root 1510 Nov 26 22:53 ./usr/src/zoot/ps/motd/USER1.MOTD.old 447501 4 -rw------- 1 root root 1805 Dec 2 21:55 ./usr/src/zoot/ps/motd/USER3.MOTD 447502 4 -rw------- 1 root root 1805 Dec 2 21:47 ./usr/src/zoot/ps/motd/USER3.MOTD.old 241997 4 -rwxr-xr-x 1 root root 369 Aug 8 2000 ./usr/src/zoot/ps/psybncchk 255022 4 -rw-r--r-- 1 root root 136 Jul 22 2000 ./usr/src/zoot/ps/scripts/INFO 270990 4 -rw-r--r-- 1 root root 397 Aug 13 2000 ./usr/src/zoot/ps/scripts/example/DEFAULT.SCRIPT 447504 940 -rwxr-xr-x 1 root root 957088 Oct 28 2000 ./usr/src/zoot/ps/tools/convconf 241998 4 -rw------- 1 root root 2803 Dec 2 22:18 ./usr/src/zoot/ps/psybnc.conf 241999 528 -rwxr-xr-x 1 root root 533616 Oct 28 2000 ./usr/src/zoot/ps/portmap 242000 4 -rw------- 1 root root 7 Nov 26 22:51 ./usr/src/zoot/ps/psybnc.pid 242001 4 -rw------- 1 root root 2834 Dec 2 22:18 ./usr/src/zoot/ps/psybnc.conf.old 242002 4 -rw------- 1 root root 141 Dec 2 21:46 ./usr/src/zoot/ps/USER2.LOG 242003 4 -rw------- 1 root root 2252 Dec 2 16:02 ./usr/src/zoot/ps/USER2.LOG.old 242004 4 -rw------- 1 root root 228 Nov 27 14:21 ./usr/src/zoot/ps/USER1.LOG.old 447506 8 -rwxr-xr-x 1 root root 6548 Apr 19 2001 ./usr/src/zoot/bin/chklastlog 447507 16 -rwxr-xr-x 1 root root 14834 Mar 17 2001 ./usr/src/zoot/bin/chkproc 447508 24 -rwxr-xr-x 1 root root 23466 Jan 29 2001 ./usr/src/zoot/bin/chkrootkit 447930 8 -rwxr-xr-x 1 root root 4284 Apr 19 2001 ./usr/src/zoot/bin/chkwtmp 447931 8 -rwxr-xr-x 1 root root 4544 Apr 19 2001 ./usr/src/zoot/bin/ifpromisc 447932 4 -rwxr-xr-x 1 root root 325 Apr 20 2001 ./usr/src/zoot/bin/chkremote 447934 8 -rwxr-xr-x 1 root root 6124 Apr 19 2001 ./usr/src/zoot/dos/s 447955 8 -rwxr-xr-x 1 root root 4228 Apr 19 2001 ./usr/src/zoot/dos/v 447994 8 -rwxr-xr-x 1 not not 4380 Apr 19 2001 ./usr/src/zoot/dos/st 447995 20 -rwxr-xr-x 1 root root 16398 Nov 23 14:51 ./usr/src/zoot/dos/w 433511 8 -rwxr-xr-x 1 root root 5310 Apr 19 2001 ./usr/src/zoot/hideps 433512 4 -rwxr-xr-x 1 root root 125 Nov 23 15:18 ./usr/src/zoot/module1 447997 28 -rwxr-xr-x 1 root root 26736 Apr 19 2001 ./usr/src/zoot/sbin/identd 433513 4 -rwxr-xr-x 1 root root 4060 Jan 30 2001 ./usr/src/zoot/sense 448038 4 -rw-r--r-- 1 root root 1819 Apr 20 2001 ./usr/src/zoot/src/ered.c 448149 4 -rw-r--r-- 1 root root 1161 Nov 17 1999 ./usr/src/zoot/src/hidef.c 448151 28 -rw-r--r-- 1 root root 25762 Apr 20 2001 ./usr/src/zoot/src/knark.c 448152 4 -rw-r--r-- 1 root root 1926 Nov 4 1999 ./usr/src/zoot/src/modhide.c 448157 4 -rw-r--r-- 1 root root 975 Nov 17 1999 ./usr/src/zoot/src/rootme.c 448160 4 -rw-r--r-- 1 root root 1280 Nov 18 1999 ./usr/src/zoot/src/knark.h 448459 4 -rw-r--r-- 1 root root 3316 Apr 20 2001 ./usr/src/zoot/src/rexec.c 448461 4 -rw-r--r-- 1 root root 1133 Apr 20 2001 ./usr/src/zoot/src/nethide.c 448462 4 -rw-r--r-- 1 root root 261 Mar 24 2001 ./usr/src/zoot/src/author_banner.c 433514 4 -rwxr-xr-x 1 root root 1024 Feb 3 2000 ./usr/src/zoot/.syslog.old 433515 4 -rwxr-xr-x 1 root root 605 Nov 23 15:28 ./usr/src/zoot/string 433516 356 -rw-r--r-- 1 root root 357621 Dec 2 22:47 ./usr/src/zoot/tcp.log 433294 128 -rwxr-xr-x 1 root root 124076 Apr 19 2001 ./bin/wget 433295 16 -rwsr-xr-x 1 root root 14188 Apr 19 2001 ./bin/su 433296 20 -rwxr-xr-x 1 root root 20452 Apr 19 2001 ./bin/login 433356 32 -rwxr-xr-x 1 root root 30628 Apr 19 2001 ./bin/netstat 433359 44 -rwxr-xr-x 1 root root 43024 Apr 19 2001 ./bin/ls 433360 36 -r-xr-xr-x 1 root root 36565 Apr 19 2001 ./bin/ps ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- linux 'zoot' rootkit/DoSkit/etc James W. Abendschan (Dec 03)
- Re: linux 'zoot' rootkit/DoSkit/etc Konrad Rieck (Dec 03)
- Re: linux 'zoot' rootkit/DoSkit/etc James W. Abendschan (Dec 05)
- Re: linux 'zoot' rootkit/DoSkit/etc James W. Abendschan (Dec 05)
- <Possible follow-ups>
- Re: linux 'zoot' rootkit/DoSkit/etc Fredrik Ostergren (Dec 05)
- Re: linux 'zoot' rootkit/DoSkit/etc Konrad Rieck (Dec 03)