Root Kit Information

Author: Gary Nichols
Date:  
Subject: Root Kit Information
On Wed, 23 Oct 2002 wrote:
> Does anyone know if there is a website that has info about root kits? One of my servers was infected with the ShowTee
> root kit. I did find some info about ShowTee by searching on Google, but it wasn't as helpful as I'd have hoped.
> I'm looking for something similar to Symantec's Virus Encyclopedia, where I can type in the name of a virus and I get
> detailed info about how it spreads, what type of files it infects, how to clean it and any variants of the virus.
> Is there such a site for root kits?


I take it the server is offline now? Did you figure out how the attacker
got the rootkit on your box?

Showtee is a nasty kit. It lets the attacker plant ssh and telnet
backdoors into systems.

What's worse? It includes an ssh binary which captures login
credentials and mails the captured booty to the attacker.

Showtee is also bi-polar. Not only does it locate exploitable services
and vulnerabilities on your system, it fixes them so other hax0rs can't
take over your box while the attacker controls it.


--
Gary Nichols RHCE
http://www.linuxchimp.com