About Malware Gallery A Journey Through Time
Welcome to the virtual museum dedicated to the rich history of malware. It offers a detailed reference to notorious malware families, notable releases, and the authors behind them, complete with images and background information.
This platform is inspired by what I affectionately call the "Malware Golden Age" – a period when malware creation was driven by a small group of passionate individuals. These pioneers in the field saw malware not merely as a tool for financial gain or destruction but as a means to learn, innovate, and showcase their skills and creativity. It was an era where crafting malware was like playing a video game, offering a more playful and exploratory approach to what was then an emerging domain. My goal with this website is to evoke a sense of nostalgia and provide insight into the malware that shaped the internet landscape during the 90s and the first decade of the 2000s.
Whether you are a veteran of the old scene, a newcomer to cybersecurity, or simply someone curious , this project invites you to explore and appreciate a unique piece of digital history.
A heartfelt thank you to
For helping me fill the memory gaps and/or providing some lost media and resources.
The Malware Gallery catalogs a list of malware families that have significantly impacted the scene. For decades, I have amassed thousands of malware samples, contributing to this ever-expanding database. You have the capability to search for specific malware families, releases, authors, or teams. This database is anticipated to grow over time. I dedicate my free time to adding more entries, which demands considerable effort.
The archive represents a complete reconstruction of the once-active Mega Security website (also known as Kobayashi), which had been offline for a decade. Mega Security, originally established to compile projects related to malware, including new hacking tools and Remote Administration Tools (RATs) often referred to as the Trojan Database, has now been fully restored. During its peak, malware authors frequently submitted their creations to Mega Security, using the platform as a prestigious showcase for their work. The site cataloged thousands of samples from the 1990s through the early 2000s.
Since August 2024, Mega Security is back online, thanks to a recent update from its original author, MasterRat. He has authorized me to continue to use the content on the Malware Gallery, which is an alternate version, more responsive with enhanced search and filtering features, making it much easier to navigate. For those who prefer the authentic experience of the original site, it remains available in its classic, old-school format, evoking the nostalgia of the 90s and early 2000s.
All credits go to the retired Mega Security staff (especially MegaRat) for the sample information found in the archive section of the website.
My Writings / A Malware Retrospective
In 2023, I embarked on crafting a series of articles titled "A Malware Retrospective." This series delves into the fascinating stories behind some of the most infamous malware projects from the past, featuring exclusive interviews with their original creators. If you're keen to uncover these hidden gems and explore the minds behind the malware, I invite you to follow me on Medium to ensure you don't miss any upcoming stories.
Published Stories So Far
A malware retrospective: IceCold
A malware retrospective: PrjRAPTOR
A malware retrospective: SubSeven
A malware retrospective: The Beast RAT
on Medium
FAQ / Frequently Asked Questions
Can malware samples be downloaded or accessed?
Malware samples cannot be downloaded from this web application for obvious reasons. We are not providing access to malicious tools but rather documenting these samples. Sharing malware samples, even very old ones, is most of the time considered illegal.
Can I contribute to Techniques and Code Snippets?
Currently, contributions to Techniques, Code Snippets, and Samples are not open to the public. However, this may change in the near future. Plans are underway to publish documentation, create a dedicated repository, and provide a special tool to streamline the contribution process. Stay tuned for updates!
Are there any exceptions to the rule against sharing malware samples?
Generally, no. However, you're welcome to contact me, and we can explore if there's a viable solution.
Can I contribute to the project by providing my own collected samples?
Not at the moment, as I currently have thousands of samples that I'm processing progressively in my free time. However, I am considering releasing a tool in the near future that will allow you to easily create your own sample snapshots for this project.
Do you plan to extend this concept to include new malware?
It's not ruled out. Currently, my focus is entirely on the core concept of the website, which is to showcase old malware that had a significant impact on the scene. In the future, extending the concept to include new malware is a possibility, provided they meet certain criteria. This website is akin to an art gallery; malware from the past was considered an art form, distinguished by its uniqueness. Today, they often appear quite similar, losing some of that individual artistic expression.
I recognize myself as the creator of one of the samples referenced on the site. What should I do?
If you can prove you are the author of one of the referenced samples, I would be happy to redact any personal information that may be present. Additionally, if you wish to provide more details about your former work, I am open to incorporating them. Should you be interested in contributing to the "Malware Retrospective" series, I would be pleased to send you a set of questions to learn more about your insights.
However, since your samples have been made public, only personal information can be removed. The sample information itself, including name, version, author nickname, features, images, etc., cannot be removed.
Other Project You Might Appreciate
I'm also engaged in a project that could capture your interest, focusing this time on Malware Evasion Techniques. This project offers an extensive compilation of strategies used by malware authors to bypass and slow down defense mechanisms. Originally created by Thomas Roccia, I became part of the project's development in 2019. Today, it stands as the most comprehensive database dedicated to malware evasion techniques.
www.unprotect.it
Disclaimer
The content provided on this website — including, but not limited to, text, images, hyperlinks (embedded or explicit), code snippets, and technical descriptions — is intended strictly for educational, informational, and research purposes only. This site exists to promote cybersecurity awareness, support academic and professional research, and illustrate the mechanisms, behaviors, and techniques employed by malicious software in a controlled, responsible context. It is expressly not intended to promote, enable, or facilitate malicious activity of any kind.
While every reasonable effort has been made to ensure that the examples, demonstrations, and discussions presented here omit operationally dangerous or exploitable components, some materials may depict or describe real-world malware techniques. These are included solely to assist researchers, analysts, and students in understanding threat actor methodologies and to further legitimate defensive and forensic education.
Access to and use of this website constitutes explicit agreement to the following terms:
- No Endorsement or Guarantee: The website owner makes no representations or warranties, express or implied, regarding the accuracy, completeness, or reliability of any content. All content is provided “as is” and “as available.”
- Use at Your Own Risk: Any use of the materials — whether for research, reverse engineering, simulation, or analysis — is done solely at the user's own risk. The owner, contributors, and authors of this site shall not be held liable for any damages, loss, disruption, or liability, direct or indirect, resulting from the use, misuse, or interpretation of the content.
- Link Disclaimer: This website may contain links embedded in text, images, or code. These links are provided only for informational convenience and do not constitute an endorsement or validation of any third-party content. Visiting these links is done at your own discretion and risk. The owner disclaims any liability arising from third-party sites or their contents.
-
No Authorization for Malicious Use:
You are strictly prohibited from using any content or knowledge gained from this website to:
- Develop, distribute, or deploy malware or malicious utilities.
- Engage in unauthorized system access, compromise, or intrusion.
- Bypass security controls or violate laws governing computer use.
- Ethical and Legal Use Only: This content is intended for qualified security professionals, academic researchers, and educators operating within the bounds of applicable laws and ethical standards. If you are uncertain whether your intended use complies with local, national, or international law, you are urged to consult legal counsel before proceeding.
- No Liability for Misuse: The website owner disclaims all responsibility and liability for any outcomes resulting from the improper, unethical, or unlawful application of the information provided. Users assume full responsibility for their actions, decisions, and consequences arising from interaction with this content.
- Due Diligence Expected: Users are expected to exercise independent judgment, critical thinking, and due diligence when engaging with any content hosted on this website.
By continuing to use or access this website, you affirm that you understand and accept the above terms, and that you will conduct yourself responsibly, ethically, and within the limits of all applicable laws.