zoot - malignant kernel module

From: Ragnar Wisløff (ragnar@wisloff.no)
Date: 11/03/01


Message-Id: <200111032142.WAA02772@mail47.fg.online.no>
From: Ragnar Wisløff <ragnar@wisloff.no>
To: <focus-linux@lists.securityfocus.com>
Subject: zoot - malignant kernel module
Date: Sat, 3 Nov 2001 22:41:14 +0100

Hello,

I've looked in vain around the net for some info on a kernel module and
probably root kit identified as "zoot".

Some symptoms on a RHL 6.2 running 2.2.19 and with most updates applied:

pop3 (imap-2000-3.phall) not responding
netstat segfaulting
inetd.conf empty
dmesg showed: zootsniff uses obsolete (PF_INET,SOCK_PACKET)
rc.sysinit modified, a line probably loading the module had been added
a number of .zoot* files in /

Anyone seen this? What does it do? Any info appreciated.

-- 
Best regards
Ragnar Wisløff
----------
life is a reach. then you gybe


