Blaire
Released 22 years, 8 months ago. January 2002
Copyright © MegaSecurity
By ?
Informations
| Author | ? |
| Family | Blaire |
| Category | Remote Access |
| Version | Blaire |
| Released Date | Jan 2002, 22 years, 8 months ago. |
| Language | Delphi, compressed with UPX |
Additional Information
size: 633.344 bytes
Dropped Server:
c:\WINDOWS\WinSystem.exe
size: 190.976 bytes
port: 314 TCP
startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "WinSystem"
added:
c:\WINDOWS\bdn.com
c:\WINDOWS\MSsecu.exe
Author Information / Description
This mass-mailing worm drops a remote access trojan and attempts to send itself to
email addresses found within files on the local system. Currently this worm is incapable
of emailing itself to others due to the fact that the hard coded mail server
used (smtp.wanadoo.fr) has turned relaying off. The worm is designed to send itself
using the following information:
From:
[email protected]
Subject: WARNING : Black_Piranha
Si vous pouvez lire cet e-mail, c'est que les services Microsoft on dTtecter la prTsence
du virus Black_Piranha dans votre systFme Windows. pour dTsinfecter votre systFme
vous n'avez qu'a exTcuter le programme en piece jointe.
Pour plus d'informations : http://www.microsoft.com
Attachment: MSsecu.exe
Executing the attachment infects the local machine. The MSsecu.exe file is copied to the WINDOWS directory. It's a dropper program, which displays pornographic images in a Windows.
WinSystem gathers email addresses from the following files:
.ASP
.HTM
.HTML
.PHP
README.TXT
These addresses are saved to the file BDN.COM in the WINDOWS directory.
The worm also acts as a backdoor trojan, listening on port 314 and emails your
IP address to the author:
[email protected]
(McAfee)If you recognize any personal information on this page and wish to have it removed or redacted, please contact us at jplesueur@phrozen.io. We are committed to protecting your privacy in accordance with GDPR regulations.