Copyright (C) 2002 w00w00 Security Development (WSD) - w00lien v0.0.3

Welcome w00mutants!!

w00(a)lien is a very simple binary trojan (parasite) which opens a
portshell (uid 0, port - 20595). w00lien uses an anti-debugging trick
(thanks silvio).

This version has three modes: single mode, silent mode and smart mode,
so choose your destiny ;)

Single mode is the simplest one; it compiles the parasite without any
encryption (Anti-debugging=enabled!). Silent mode uses some basic
encryption, nothing very hardc0de ;) and smart mode uses burneye-1.0 by
Teso (thanks Teso) to encrypt our parasite.

Remember to remove the tmp file (/tmp/.para.tmp) once the portshell has
opened. To compile it, just run ./getalive and follow the usage.

If you find any bugs, fix them and mail the fix ;). w00lien is a baby
and needs a lot of work; this is why we make it public, we need your
help. If you find any silly bug it will be because I have to sleep some
days ;)

How it works??
~~~~~~~~~~~~~~

Well, it is very simple. Let's say we want to infect the /bin/ls
command with w00lien:

    cat /bin/ls >> w00lien
    mv w00lien /bin/ls

When 'idiot' runs /bin/ls, w00lien is activated first and opens the
portshell, and after that the real /bin/ls runs. Simple e? ;)

Greetz "fly" to :
~~~~~~~~~~~~~~~~~

#!w00w00  - Yeap , w00w00 r0x ;)
jduck     - Nice work dude.
K2        - Take care.
xfer      - Where are you man?
silvio    - thanks for the help
jobe      - HERT r0x also ;)
cybk0red  - mpee cybk0red ;)
shok      - ;)
ehg       - mpee ehg, too ;)
and others...
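
Seen from the defending side, the concatenation shown under "How it works" leaves a second ELF header past the end of the first image. The check below is an added example, not part of w00lien or the original README; elf_extent, find_appended_elf and sample_elf are names chosen here, and it assumes a normally linked binary stores nothing beyond its segments and header tables.

```python
import struct
import sys
from pathlib import Path

ELF_MAGIC = b"\x7fELF"
# Per ELF class: header format from e_phoff onward, its offset, word type,
# and the positions of p_offset / p_filesz inside a program header.
LAYOUT = {1: ("IIIHHHHH", 0x1C, "I", 4, 16), 2: ("QQIHHHHH", 0x20, "Q", 8, 32)}

def elf_extent(data: bytes) -> int:
    """Offset where the ELF image at byte 0 ends, according to its own headers."""
    if data[:4] != ELF_MAGIC or len(data) < 52 or data[4] not in LAYOUT:
        raise ValueError("not an ELF file")
    order = "<" if data[5] == 1 else ">"
    hfmt, hoff, word, off_at, size_at = LAYOUT[data[4]]
    try:
        (phoff, shoff, _flags, ehsize, phentsize, phnum,
         shentsize, shnum) = struct.unpack_from(order + hfmt, data, hoff)
        extent = max(ehsize, phoff + phentsize * phnum, shoff + shentsize * shnum)
        for i in range(phnum):  # file bytes covered by each segment
            base = phoff + i * phentsize
            (p_offset,) = struct.unpack_from(order + word, data, base + off_at)
            (p_filesz,) = struct.unpack_from(order + word, data, base + size_at)
            extent = max(extent, p_offset + p_filesz)
    except struct.error as exc:
        raise ValueError("truncated ELF headers") from exc
    return extent

def find_appended_elf(data: bytes):
    """Offset of a second ELF header located past the first image, else None."""
    idx = data.find(ELF_MAGIC, elf_extent(data))
    return None if idx == -1 else idx

def sample_elf(payload: bytes) -> bytes:
    """Constructed sample: minimal 64-bit little-endian ELF, one segment, no sections."""
    size = 64 + 56 + len(payload)
    ehdr = ELF_MAGIC + bytes([2, 1, 1]) + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 2, 62, 1, 0x400078, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", 1, 5, 0, 0x400000, 0x400000, size, size, 0x1000)
    return ehdr + phdr + payload

if __name__ == "__main__":
    # With no arguments, run on a constructed sample: two images concatenated.
    blobs = {p: Path(p).read_bytes() for p in sys.argv[1:]} or {
        "<constructed>": sample_elf(b"P" * 16) + sample_elf(b"H" * 40)}
    for name, blob in blobs.items():
        try:
            hit = find_appended_elf(blob)
        except ValueError as exc:
            print(name, "skipped:", exc)
            continue
        print(name, "clean" if hit is None else "second ELF image at offset %d" % hit)
```

On a host where this reports a hit, the README's other artifacts are worth checking: the /tmp/.para.tmp file and a listener on port 20595. Self-extracting installers that carry an ELF payload as trailing data will also match, so treat a hit as a lead to investigate.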