helo dudes...

once again... SVAT strikes.
I'm not a great README file writer.
So i make it as short as possible.
What you got is a source-code infector wich replaces (if there is one)
the stdio.h file in /usr/local/include directory.
Normally there is nothing wich can become destroyed.
Due to a nice feature in GCC its possible to include nasty code
in every file wich gets compiled. 
[Of corse you need to be root to touch files in the described dir.]
This is possible bcoz GCC searches in /usr/local/include for stdio.h
before it gets the real one in /usr/include.
Our virus simply gives GCC this stdio.h wich includes the real one.
So there should be no errors while comiling the future-infected file.
For further information look at califax.c, the virus source. Its well
commented.
There are some other files too wich you may be need to build
the virus. Type 'make' and you will get a new califax.c wich you have to
compile. 

The other files are:

	+ _head.c 	- the header of the virii
	+ dump.c  	- needed to build some new virii
	+ Makefile	- umpf...
	+ udos.c	- body of the virus
	+ main.c	- wich holdes main()
	+ test.c	- dummy-file, compile this after you started califax
			  and it will become infected.

ok, what have has califax ? (urgh ...)

	+ simple polymorhism/mutation due to different gcc flags
	+ encryption with up to 256*256*256*256 different keys
	+ multi-platform support
	  + jumps to M$-DOS if it finds a mounted msdos filesystem
	    and there is a GCC installed on it

what is doesn't have, but whats needed:

	+ a become_root() function
	+ socket() calls :)
	+ ...

what you need to run it:

	+ either a linux with gcc on it, or
	+ M$-DOS also with the gcc

califax was tested with kernel 2.0.33 and GCC 2.7.2 and libc 5.3.12
and on the dos target: DOS 6.22 with GCC 2.5.7 where the includes are
installed also on /usr/include.
If it doesnt work, you should use the -v flag while you compile
test.c.

last but not least:
This is for educational purposes only!
You use this at your own risk. I'm not responsible for any damage you maybe get
due to playing around with this.
Delete this package if you dont agree.

ok, greets fly out to:

lcamtuf, CyberPsychotic, Serial, NetW0rker, K2 aka nalez, hyperSlash, kgb,

and especially to Doreen :)

Stealthf0rk / SVAT


