From SecurityFocus: "This is the third installment of a series devoted to examining hacker tools and their signatures. In this installment we will be looking at some of the
signatures related to the KOH rootkit. The purpose of this paper is to assist the reader in detecting the KOH rootkit. Through this process, it is hoped
that the reader will also learn steps to take to defend against the installation of these types of rootkits."
August 15, 2001