Security Incidents mailing list archives

Re: linux 'zoot' rootkit/DoSkit/etc


From: "James W. Abendschan" <jwa () jammed com>
Date: Wed, 5 Dec 2001 00:34:34 -0800 (PST)

On Mon, 3 Dec 2001, Konrad Rieck wrote:
> I don't believe this toolkit of trojans is called "zoot".  Every RedHat
> Linux release goes with a unique name and *surprise* RedHat Linux 6.2 is
> titled "zoot" and for example RedHat Linux 7.2 is called "enigma".

A few files were tagged with 'zoot' -- /sbin/zoot.sshd, /sbin/zoot.snfd,
/sbin/zoot.sshd-conf, /sbin/zoot.telnetd.  Plus, there was quite a
cache of files in /usr/src/zoot/.  Thus the proposed name :)

Was it called 'zoot' because it only works on RH 6.2?  Was it
a weak play on 'root'?  Does 'zoot' mean 'w00t' in Romanian?  Who
knows ..

James



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

