On Wed, 23 Oct 2002
az_pete@cactusfamily.com wrote:
> Does anyone know if there is a website that has info about root kits. One of my servers was infected with the ShowTee
> root kit. I did find some info about ShowTee by searching on google, but it wasn't as helpful as I'd have hoped.
> I'm looking for something similar to Symantec's Virus Encyclopedia, where I can type in the name of a virus and I get
> detailed info about how it spreads, what type of files it infects, how to clean it and any variants of the virus.
> Is there such a site for root kits?
I take it the server is offline now? Did you figure out how the attacker
got the rootkit on your box?
Showtee is a nasty kit. It lets the attacker plant ssh and telnet
backdoors into systems.
What's worse? It includes an ssh binary which captures login
credentials that mails the captured booty to the attacker.
Showtee is also bi-polar. Not only does it locate exploitable services
and vulnerabilities on your system, it fixes them so other hax0rs can't
take over your box while the attacker controls it.
--
Gary Nichols RHCE
http://www.linuxchimp.com
(text/plain)