.: Blaire :.
Released 19 years, 9 months ago. Jan 2002. By ?
- Coded by: ?
- Version: Blaire
- Released date: Jan 2002, 19 years, 9 months ago.
- Coded in: Delphi, compressed with UPX
- Family: Blaire
- Category: Remote Access
- size: 633.344 bytes
- Dropped Server: c:\WINDOWS\WinSystem.exe
- size: 190.976 bytes
- port: 314 TCP
- startup: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "WinSystem"
- added: c:\WINDOWS\bdn.com, c:\WINDOWS\MSsecu.exe
This mass-mailing worm drops a remote access trojan and attempts to send itself to email addresses found within files on the local system. Currently this worm is incapable of emailing itself to others due to the fact that the hard coded mail server used (smtp.wanadoo.fr) has turned relaying off.

The worm is designed to send itself using the following information:

From: --/EMAIL REDACTED BY SUB7CREW.ORG FOR YOUR SAFETY\--
Subject: WARNING : Black_Piranha

Si vous pouvez lire cet e-mail, c'est que les services Microsoft on détecter la présence du virus Black_Piranha dans votre système Windows. pour désinfecter votre système vous n'avez qu'a exécuter le programme en piece jointe. Pour plus d'informations : --/URL REDACTED BY SUB7CREW.ORG FOR YOUR SAFETY\--

Attachment: MSsecu.exe

Executing the attachment infects the local machine. The MSsecu.exe file is copied to the WINDOWS directory. It's a dropper program, which displays pornographic images in a window.

WinSystem gathers email addresses from the following files:

- .ASP
- .HTM
- .HTML
- .PHP
- README.TXT

These addresses are saved to the file BDN.COM in the WINDOWS directory.

The worm also acts as a backdoor trojan, listening on port 314 and emails your IP address to the author: --/EMAIL REDACTED BY SUB7CREW.ORG FOR YOUR SAFETY\-- (McAfee)
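The host indicators listed in this entry (the "WinSystem" Run value, the three dropped files and the TCP listener on port 314) can be checked against triage output collected from a machine. The following is an added example, not part of the original entry or of McAfee's description; the function names are hypothetical and the `reg query`, `netstat -ano` and file-listing samples are constructed.

```python
import re

# Indicators from the entry above; the sample data further down is constructed.
RUN_VALUE = "winsystem"
DROPPED = {r"c:\windows\winsystem.exe", r"c:\windows\bdn.com", r"c:\windows\mssecu.exe"}
BACKDOOR_PORT = "314"
REG_LINE = re.compile(r"^\s+(.+?)\s+REG_(?:EXPAND_)?SZ\s+(.*)$")

def run_key_hits(reg_output):
    """Run-key values (`reg query` text) named WinSystem or launching a dropped file."""
    hits = []
    for line in reg_output.splitlines():
        m = REG_LINE.match(line)  # key header and blank lines do not match
        if m:
            name, data = m.group(1), m.group(2).strip().strip('"').lower()
            if name.lower() == RUN_VALUE or any(data.startswith(p) for p in DROPPED):
                hits.append(f"run-key:{name}")
    return hits

def listener_hits(netstat_output):
    """TCP sockets LISTENING on local port 314 (`netstat -ano` text)."""
    hits = []
    for line in netstat_output.splitlines():
        f = line.split()
        is_listener = len(f) >= 5 and f[0] == "TCP" and f[3] == "LISTENING"
        # Only the local address counts; a remote port 314 is not a listener.
        if is_listener and f[1].rsplit(":", 1)[-1] == BACKDOOR_PORT:
            hits.append(f"listener:{f[1]} pid={f[4]}")
    return hits

def file_hits(paths):
    return [f"file:{p}" for p in paths if p.lower() in DROPPED]

def triage(reg_output, netstat_output, paths):
    return run_key_hits(reg_output) + listener_hits(netstat_output) + file_hits(paths)

# Constructed sample collection output (not taken from a real host).
SAMPLE_REG = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    WinSystem    REG_SZ    c:\WINDOWS\WinSystem.exe
"""
SAMPLE_NETSTAT = """
  TCP    0.0.0.0:135     0.0.0.0:0       LISTENING       888
  TCP    0.0.0.0:314     0.0.0.0:0       LISTENING       1234
  TCP    10.0.0.5:49731  10.0.0.9:314    ESTABLISHED     4321
"""
SAMPLE_FILES = [r"C:\WINDOWS\bdn.com", r"C:\WINDOWS\notepad.exe"]
if __name__ == "__main__":
    print("\n".join(triage(SAMPLE_REG, SAMPLE_NETSTAT, SAMPLE_FILES)))
```

A port 314 listener or a Run value named WinSystem on its own is weak evidence; the findings carry weight when several of them appear on the same host.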