Archive A Reconstructed © MegaSecurity Database
Blaire
Released 24 years, 3 months ago. January 2002
Copyright © MegaSecurity
By ?
Informations
| Author | ? |
| Family | Blaire |
| Category | Remote Access |
| Version | Blaire |
| Released Date | Jan 2002, 24 years, 3 months ago. |
| Language | Delphi, compressed with UPX |
Additional Information
size: 633.344 bytes
Dropped Server:
c:\WINDOWS\WinSystem.exe
size: 190.976 bytes
port: 314 TCP
startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "WinSystem"
added:
c:\WINDOWS\bdn.com
c:\WINDOWS\MSsecu.exe
Author Information / Description
This mass-mailing worm drops a remote access trojan and attempts to send itself to
email addresses found within files on the local system. Currently this worm is incapable
of emailing itself to others due to the fact that the hard coded mail server
used (smtp.wanadoo.fr) has turned relaying off. The worm is designed to send itself
using the following information:
From:
[email protected]
Subject: WARNING : Black_Piranha
Si vous pouvez lire cet e-mail, c'est que les services Microsoft on dTtecter la prTsence
du virus Black_Piranha dans votre systFme Windows. pour dTsinfecter votre systFme
vous n'avez qu'a exTcuter le programme en piece jointe.
Pour plus d'informations : http://www.microsoft.com
Attachment: MSsecu.exe
Executing the attachment infects the local machine. The MSsecu.exe file is copied to the WINDOWS directory. It's a dropper program, which displays pornographic images in a Windows.
WinSystem gathers email addresses from the following files:
.ASP
.HTM
.HTML
.PHP
README.TXT
These addresses are saved to the file BDN.COM in the WINDOWS directory.
The worm also acts as a backdoor trojan, listening on port 314 and emails your
IP address to the author:
[email protected]
(McAfee)This archive is an almost-complete reconstruction of the legendary Mega Security (also known as Kobayashi), a premier 90s-era "Trojan Database" where malware authors once showcased their work. After a decade offline, the site was brought back in August 2024 by its original creator, MasterRat, who authorized the Malware Gallery to host this modernized, searchable version of the collection. While the original site remains available for those seeking a nostalgic, old-school experience, we are proud to continue its legacy here. Full credit and thanks go to MasterRat and the retired Mega Security staff for their years of dedicated work in cataloging these historical samples.