Security Incidents mailing list archives
Re: TuxKit1.0 and other rootkits
From: Jose Nazario <jose () biocserver BIOC cwru edu>
Date: Mon, 11 Feb 2002 12:02:25 -0500 (EST)
On Mon, 11 Feb 2002, Rune Henssel wrote:
Anybody know a RootKit called TuxKit1.0 and another kit that creates the following files:
i have seen several of those components installed on an ssh compromised machine (ssh 1.2) from late january, 2002. the pieces were installed in /var/preserve/vbox and /dev/ida/.inet. several of the same pieces. basically r00t is a collection of several older (well known, with bugs fixed) exploits. if you wanna trade MD5 sums, i'd be happy, but this appears to be a pretty run of the mill set of exploits. included, of course, were ssh, sshd and various other trojans. ____________________________ jose nazario jose () cwru edu PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80 PGP key ID 0xFD37F4E5 (pgp.mit.edu) ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- TuxKit1.0 and other rootkits Rune Henssel (Feb 11)
- Re: TuxKit1.0 and other rootkits Jose Nazario (Feb 11)
- Re: TuxKit1.0 and other rootkits GiulioMaria Fontana (Feb 12)