Security Incidents mailing list archives
Re: linux 'zoot' rootkit/DoSkit/etc
From: "James W. Abendschan" <jwa () jammed com>
Date: Wed, 5 Dec 2001 00:34:34 -0800 (PST)
On Mon, 3 Dec 2001, Konrad Rieck wrote:
I don't believe this toolkit of trojans is called "zoot". Every RedHat Linux release goes with a unique name and *suprise* RedHat Linux 6.2 is titled "zoot" and for example RedHat Linux 7.2 is called "enigma".
a few files were tagged with 'zoot' -- /sbin/zoot.sshd, /sbin/zoot.snfd, /sbin/zoot.sshd-conf, /sbin/zoot.telnetd. Plus, there was quite a cache of files in /usr/src/zoot/. Thus the proposed name :) Was it called 'zoot' because it only works on RH 6.2? Was it a weak play on 'root' ? does 'zoot' mean 'w00t' in Romanian? Who knows .. James ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- linux 'zoot' rootkit/DoSkit/etc James W. Abendschan (Dec 03)
- Re: linux 'zoot' rootkit/DoSkit/etc Konrad Rieck (Dec 03)
- Re: linux 'zoot' rootkit/DoSkit/etc James W. Abendschan (Dec 05)
- Re: linux 'zoot' rootkit/DoSkit/etc James W. Abendschan (Dec 05)
- <Possible follow-ups>
- Re: linux 'zoot' rootkit/DoSkit/etc Fredrik Ostergren (Dec 05)
- Re: linux 'zoot' rootkit/DoSkit/etc Konrad Rieck (Dec 03)