OSX/Revir [Threat Name] go to Threat
OSX/Revir.A [Threat Variant Name]
|Signature database version||6489 (Sep 23, 2011)|
OSX/Revir.A is a trojan that installs OSX/Imuler.A malware.
The trojan does not create any copies of itself.
The following files are dropped into the /tmp/ folder:
The following file is dropped in the same folder:
The file is then executed.
The trojan contains an URL address. It tries to download a file from the address.
The file is stored in the following location:
- /tmp/updtdata (OSX/Imuler.A)
The file is then executed. The HTTP protocol is used.