Information about the Tuxkit Rootkit
This is a rootkit written by a Dutch group called Tuxtendo. It was found on
some infected Red Hat 6.0/7.0 systems. A complete analysis of Tuxkit, done by
spoonfork (spoonfork@hackinthebox.org), can be found at the following link:
http://www.ossec.net/rootkits/studies/tuxkit.txt
Files to search:
- dev/tux
- usr/bin/xsf
- usr/bin/xchk
- */.log
- */.file
- */.addr
Entries to search for in the file "/etc/rc.d/rc.sysinit":
- /usr/bin/xsf
- /usr/bin/xchk
*All files marked with a "*" need to be searched for across the whole system.
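The checks listed above, written out as a shell function. This is an added example, not rootcheck's own code: the function name, its ROOT argument ("/" or the mount point of a disk image) and the output labels are assumptions made here.

```shell
#!/bin/sh
# Added example, not rootcheck's code. tuxkit_scan and its variables are
# hypothetical names. ROOT is "/" or the mount point of a disk image.
tuxkit_scan() {
    root=${1:-/}
    root=${root%/}      # "/" becomes "", so "$root/dev/tux" is still valid
    hits=0

    # Fixed paths from the "Files to search" list (dangling symlinks count).
    for rel in dev/tux usr/bin/xsf usr/bin/xchk; do
        if [ -e "$root/$rel" ] || [ -L "$root/$rel" ]; then
            echo "FILE  $root/$rel"
            hits=$((hits + 1))
        fi
    done

    # Names listed as "*/": search the whole tree, skipping /proc, whose
    # entries are not files on disk.
    found=$(find "$root/" -path "$root/proc" -prune -o \
        \( -name .log -o -name .file -o -name .addr \) -print 2>/dev/null) || true
    if [ -n "$found" ]; then
        echo "$found" | sed 's/^/NAME  /'
        hits=$((hits + $(echo "$found" | wc -l)))
    fi

    # Boot script entries: print each matching line as file:line:text and
    # count one hit per entry. /dev/null makes grep print the file name.
    rc="$root/etc/rc.d/rc.sysinit"
    if [ -f "$rc" ]; then
        for entry in /usr/bin/xsf /usr/bin/xchk; do
            lines=$(grep -n -F -- "$entry" "$rc" /dev/null) || true
            if [ -n "$lines" ]; then
                echo "$lines" | sed 's/^/BOOT  /'
                hits=$((hits + 1))
            fi
        done
    fi

    echo "TOTAL $hits"
    [ "$hits" -eq 0 ]   # exit status 0 only when nothing was found
}
```

Call it as `tuxkit_scan /` on a running system or `tuxkit_scan /mnt/image` on a mounted copy; a non-zero exit status means at least one indicator was found.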
**If you have any more information, send it to: mail1, or to mail2.
$RootCheck: Tuxkit.php ,v 1.0 2003/10/16, Daniel B. Cid$