Re: RootKits Question

Date: 08/01/01

Subject: Re: RootKits Question
Date: Wed, 1 Aug 2001 13:11:09 -0400 (EDT)

> Does anyone know of any rootkits off the top of their head that leave a
> /sbin/a.out behind?

a.out is the default name of a C program after it has been compiled or
linked. For instance if you had the source code:


to compile and you typed:

        gcc test.c

It would produce an executable called a.out.

If you want to find out more about this exectable type use the strings
and nm command:

        strings a.out > strings.out
        nm a.out > nm.out

The first command will list all the strings in the executable, and
the second command will list all the symbols in the executable.
This should give you enough information to at least have a clue about what
this little program was supposed to do.