Security Incidents mailing list archives

Re: spanish rootkit

From: typo () INFERNO TUSCULUM EDU
Date: Wed, 20 Sep 2000 21:02:27 +0200

On Wed, Sep 20, 2000 at 02:42:46PM +0200, Vitaly Osipov wrote:

even uses kernel module for hiding processes/listening ports (module is
called adore.o). And it is written somewhere in Spain - I attach it's
install script (rootkit itself is charbd.tar.gz). Is it something known or
more or less new? And can somebody please translate the comments from that
script?


only the install script seems to be written in a spanish, portoguese or
similiar speaking country.

the kernelmodule (adore) is available from http://teso.scene.at/ 's release
section.

$ head -2 adore.c
/*** (C) 1999/2000 by Stealth -- http://www.scorpions.net/~stealth
 ***                             http://teso.scene.at
 ***
 ***
 *** (C)'ed Under a BSDish license. Please look at LICENSE-file.
 *** SO YOU USE THIS AT YOUR OWN RISK!
 *** YOU ARE ONLY ALLOWED TO USE THIS IN LEGAL MANNERS.
 *** !!! FOR EDUCATIONAL PURPOSES ONLY !!!

Current thread:

spanish rootkit Vitaly Osipov (Sep 20)
- Re: spanish rootkit Elias Levy (Sep 20)
- Re: spanish rootkit typo (Sep 21)
  - charbd rootkit ( Re: spanish rootkit) Vitaly Osipov (Sep 22)
- <Possible follow-ups>
- Re: spanish rootkit John Yang (Sep 21)
- Re: spanish rootkit Martins, Fernando (Lisbon) (Sep 22)