zoot - malignant kernel module
From: Ragnar Wisløff (ragnar@wisloff.no)Date: 11/03/01
- Previous message: Seth Arnold: "Re: changing root account name"
- Next in thread: Thomas Richter: "AW: zoot - malignant kernel module"
- Reply: Thomas Richter: "AW: zoot - malignant kernel module"
- Reply: Ragnar Wisløff: "Re: zoot - malignant kernel module"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-Id: <200111032142.WAA02772@mail47.fg.online.no> From: Ragnar Wisløff <ragnar@wisloff.no> To: <focus-linux@lists.securityfocus.com> Subject: zoot - malignant kernel module Date: Sat, 3 Nov 2001 22:41:14 +0100
Hello,
I've looked in vain around the net for some info on a kernel module and
probably root kit identified as "zoot".
Some symptoms on a RHL 6.2 running 2.2.19 and with most updates applied:
pop3 (imap-2000-3.phall) not responding
netstat segfaulting
inetd.conf empty
dmesg showed: zootsniff uses obsolete (PF_INET,SOCK_PACKET)
rc.sysinit modified, a line probably loading the module had been added
a number of .zoot* files in /
Anyone seen this? What does it do? Any info appreciated.
-- Mvh Ragnar Wisløff ---------- life is a reach. then you gybe
- Previous message: Seth Arnold: "Re: changing root account name"
- Next in thread: Thomas Richter: "AW: zoot - malignant kernel module"
- Reply: Thomas Richter: "AW: zoot - malignant kernel module"
- Reply: Ragnar Wisløff: "Re: zoot - malignant kernel module"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
