From: Johnny Cyberpunk (johncybpkgmx.net)
Date: Wed Jun 06 2001 - 15:56:01 CDT

    Shawn,

    It seems to be the Adore rootkit.

    There is a complete analysis of this rootkit at the following link:

    http://www.sans.org/y2k/the_compromise.htm

    It also describes that a rootNoraD is being created.

    Hope that helps!

    cheers

    Johnny.Cyberpunkillegalaccess.org

    ----- Original Message -----
    From: "SecLists" <listssecure.stargate.net>
    To: <incidentssecurityfocus.com>
    Sent: Wednesday, June 06, 2001 6:54 PM
    Subject: solaris rootkit investigation

    > Hello all...
    >
    > First time posting to the list here...
    >
    > One of our customers who we do security services for when they are needed
    > recently had a Solaris 7 box compromised. There appears to be a rootkit
    > installed that opens an ssh daemon on port 27354 with a sshd_host_key.pub
    > of:
    >
    > ...rootNoraD
    >
    > Has anyone seen this before? Or has any info on it? I.e., what binaries have
    > been trojaned, what files have been replaced, etc.?
    >
    > Thanks,
    >
    > Shawn Duffy
    >