# $RootCheck: list.txt ,v 1.0 2003/10/17, Daniel B. Cid$
# Rootkit list

#Rpimp reverse telnet
rpimp! rpv21 (Reverse Pimpage)::/rootkits/rpimp.php
#Ovason backdoor
ovas0n! ovas0n backdoor ::/rootkits/ovason.php
ovason! ovas0n backdoor ::/rootkits/ovason.php
#Suspicious files
\/\.src$! Suspicious File::rootkits/Suspicious.php 
last\.cgi! Suspicious File::rootkits/Suspicious.php
nobody\.cgi! Suspicious File::rootkits/Suspicious.php
void\.cgi! Suspicious File::rootkits/Suspicious.php
all4one\.cgi! Suspicious File::rootkits/Suspicious.php
xntps! Suspicious File::rootkits/Suspicious.php
\/\.xman\/! Suspicious File::rootkits/Suspicious.php
\/\.arctic\/! Suspicious File::rootkits/Suspicious.php
psybnc! Suspicious File::rootkits/Suspicious.php
mech\.session! Suspicious File::rootkits/Suspicious.php
sshdu! Suspicious File::rootkits/Suspicious.php
#Old rootkits
sniff/lins! Old rootkits ::rootkits/Old.php
\/biba$! Old rootkits ::rootkits/Old.php
#Sniffers
\.linux-sniff! Sniffer log ::
sniff-l0g! Sniffer log ::
core_$! Sniffer log ::
tcp\.log! Sniffer log ::
chipsul! Sniffer log ::
beshina! Sniffer log ::
#bobkit
\/bkit-! Bobkit Rootkit ::rootkits/bobkit.php
#knark
\/taskhack! Knark Installed ::rootkits/knark.php
\/rootme! Knark Installed ::rootkits/knark.php
\/nethide! Knark Installed ::rootkits/knark.php 
\/hidef! Knark Installed ::rootkits/knark.php
\/ered! Knark Installed ::rootkits/knark.php
#t0rn
ldlib\.tk! t0rn Rootkit ::rootkits/torn.php
\.t0rn! t0rn Rootkit ::rootkits/torn.php
\/\.puta! t0rn Rootkit ::rootkits/torn.php
libproc\.a! t0rn Rootkit ::rootkits/torn.php
#LRK
bindshell! LRK rootkit ::rootkits/lrk.php
#Lion
1iOn\.sh! Lion worm ::rootkits/lion.php
#Ark
\/\.ark$! ark found ::
#Adore Worm
klogd\.o! Adore Worm ::/rootkits/adorew.php 
red\.tar! Adore Worm ::/rootkits/adorew.php
#Adore rootkit 
\/adore\/! Adore rootkit dir ::
#Illogic rootkit
uconf.inv! Illogic rootkit ::rootkits/illogic.php 
#SuckIT
\/hide$! SuckIT rootkit ::
hide\.log! Suckit rootkit ::
lib\/sk$! SuckIT rootkit ::
#Tuxkit
\/\.log$! Tuxkit rootkit ::rootkits/Tuxkit.php 
\/\.file$! Tuxkit rootkit ::rootkits/Tuxkit.php
\/\.addr$! Tuxkit rootkit ::rootkits/Tuxkit.php
