[TCLUG] chkrootkit-0.37-realtime.1

Tue Sep 17 01:26:02 CDT 2002

We (at Real Time) are seen evidence of Scalper and Slapper, so for your
pleasure:

+ chkrootkit-0.37-realtime.1
- chklastlog.c fix; (thanks to Gerard van Wageningen)
- chkproc.c improvements; (thanks to Morohoshi Akihiko, Kostya Kortchinsky 
  and Aaron Sherman)
- new rootkits detected:
  o OpenBSD rk v1
  o Illogic rootkit (thanks to Andrey Chernomyrdin)
  o SK rootkit (thanks to Razvan Cosma)
- new worms detected:
  o Scalper (FreeBSD/Apache chunked encoding worm)
  o Slapper (Apache/mod_ssl Worm)

Since gladiator is still syncing, the RPM will be available here:

http://www.tanners.org/~tanner/downloads/RPMS/

The RPM package has been signed with gnupg and my personal key.

To get my personal key:

        $ gpg --recv-key 2CC1B288

To check my personal key:

        $ gpg --fingerprint 2CC1B288
        Key fingerprint = AB15 0BDF BCDE 4369 5B42  1973 7CF1 A709 2CC1 B288

To check the RPM package:

        $ rpm --checksig <package>

-- 
Bob Tanner <tanner at real-time.com>         | Phone : (952)943-8700
http://www.mn-linux.org, Minnesota, Linux | Fax   : (952)943-8500
http://www.tcwug.org, Minnesota, Wireless | Coding isn't a crime. 
Key fingerprint = AB15 0BDF BCDE 4369 5B42  1973 7CF1 A709 2CC1 B288
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://shadowknight.real-time.com/pipermail/tclug-list/attachments/20020917/f147e329/attachment.pgp