Archive A Reconstructed © MegaSecurity Database

• a
• b
• c
• d
• e
• f
• g
• h
• i
• j
• k
• l
• m
• n
• o
• p
• q
• r
• s
• t
• u
• v
• w
• x
• y
• z
• other

Server:
C:\WINDOWS\SYSTEM\SKA.EXE

size: 6.144 bytes

startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

;============================================================================
; Demo Win32 NetBus worm.
;
; This is a simple Internet worm using NetBus servers to propagate.
; The worm periodically scans it's own (class C) subnet for NetBus 1
; servers, and uploads itself to the hosts that have the server running,
; after which the uploaded copy will be remotely executed.
;
; The only reason why I targetted NetBus 1 was because it's the only
; backdoor trojan I had on my harddrive. It would have been better to
; target Sub-Seven servers, as these are far more widespread (and more
; powerful aswell).
;
; Oh yeah, it also uses Happy99 to travel..
;
; T-2000/IR, March 2000.

This archive is an almost-complete reconstruction of the legendary Mega Security (also known as Kobayashi), a premier 90s-era "Trojan Database" where malware authors once showcased their work. After a decade offline, the site was brought back in August 2024 by its original creator, MasterRat, who authorized the Malware Gallery to host this modernized, searchable version of the collection. While the original site remains available for those seeking a nostalgic, old-school experience, we are proud to continue its legacy here. Full credit and thanks go to MasterRat and the retired Mega Security staff for their years of dedicated work in cataloging these historical samples.