zk rootkit

From: Alexander V. Karelin (karelin_at_nonexisting.hamakor.org.il)
Date: Tue 08 Jun 2004 - 23:01:03 IDT


Dear List,

I've been hacked by a stranger (continue this according to Walter Sobchak,
or the way You like) coming from:

80.96.145.53
80.96.145.60

The attacker has used the zk rootkit (a rather painful sort of a hack). It
replaces /sbin/init and does a few other awful things too, all resulting in
a rather unpleasant way: I have to reinstall all machines that have been
attacked or penetrated. But since this is not something that could be done
immediately (considering some of the machines are thousands of miles
away), I'd like to make sure I've locked the hacker for good. BTW: I'm
still unaware as to how he/she made his/her way in at first.

For that I'm searching for any information (i.e. sources) of the zk
rootkit. All and any help will be duly appreciated. Thank You.

Sincerely,
Alexander
