OSX/TrojanDownloader.Jahlav [Threat Name] go to Threat

OSX/TrojanDownloader.Jahlav.NAL [Threat Variant Name]

Category trojan
Size 30208 B
Detection created Jun 01, 2011
Signature database version 6172
Aliases Trojan-Downloader.OSX.Jahlav.e (Kaspersky)
  OSX.RSPlug.A (Symantec)
  TrojanDownloader:MacOS/Jahlav.C (Microsoft)
Short description

OSX/TrojanDownloader.Jahlav.NAL is a trojan which tries to download other malware from the Internet.

Installation

When executed, the trojan copies itself into the /Library/Internet Plug-Ins/ folder using the following name:

  • AdobeFlash

The trojan ensures it is run every 5 hours by adding an entry to the crontab configuration file.

Other information

The trojan contains an URL address. It tries to download several files from the address.


These are stored in the following locations:

  • /tmp/%variable%

A string with variable content is used instead of %variable% .


The files are then executed. The HTTP protocol is used.

Please enable Javascript to ensure correct displaying of this content and refresh this page.