OSX/TrojanDownloader.Jahlav [Threat Name]
OSX/TrojanDownloader.Jahlav.NAL [Threat Variant Name]
|Detection created|Jun 01, 2011|
|Signature database version|6172|
OSX/TrojanDownloader.Jahlav.NAL is a trojan which tries to download other malware from the Internet.
When executed, the trojan copies itself into the /Library/Internet Plug-Ins/ folder using the following name:
The trojan ensures it is run every 5 hours by adding an entry to the crontab configuration file.
The trojan contains a URL. It tries to download several files from that address.
These are stored in the following locations:
A string with variable content is used instead of %variable%.
The files are then executed. The HTTP protocol is used.
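
The persistence described above (a copy in /Library/Internet Plug-Ins/ started from crontab every 5 hours) can be checked for on a host. The following Python is an added example, not part of the original description or of the vendor's tooling. It assumes per-user crontab text as printed by `crontab -l`, assumes the 5-hour interval appears as a step in the hour field, and uses constructed sample entries with made-up file names.

```python
import re

PLUGIN_DIR = "/Library/Internet Plug-Ins/"  # folder named in the description

# Constructed sample crontab; file names are placeholders, not real indicators.
SAMPLE = """\
# constructed sample, not taken from a real infection
MAILTO=""
30 2 * * * /usr/local/bin/backup.sh
0 */5 * * * "/Library/Internet Plug-Ins/example.plugin" >/dev/null 2>&1
@reboot /Library/Internet\\ Plug-Ins/other.bin
"""

def hour_step(hour_field):
    """Return the step of an hour field such as '*/5' or '0-23/5', else None."""
    m = re.fullmatch(r"(?:\*|\d+-\d+)/(\d+)", hour_field)
    return int(m.group(1)) if m else None

def suspicious_cron_entries(crontab_text):
    """Return (line_no, schedule, command, five_hourly) for every job that
    runs something located in the Internet Plug-Ins folder."""
    findings = []
    for no, raw in enumerate(crontab_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        if re.match(r"[A-Za-z_][A-Za-z0-9_]*\s*=", line):
            continue  # environment assignment such as MAILTO=
        if line.startswith("@"):  # @reboot, @hourly, ...
            parts = line.split(None, 1)
            if len(parts) < 2:
                continue
            schedule, command, five_hourly = parts[0], parts[1], False
        else:  # five time fields followed by the command
            parts = line.split(None, 5)
            if len(parts) < 6:
                continue
            schedule, command = " ".join(parts[:5]), parts[5]
            five_hourly = hour_step(parts[1]) == 5
        # Undo backslash-escaped spaces; compare case-insensitively because
        # the default macOS file system is case-insensitive.
        if PLUGIN_DIR.lower() in command.replace("\\ ", " ").lower():
            findings.append((no, schedule, command, five_hourly))
    return findings

if __name__ == "__main__":
    for no, schedule, command, five_hourly in suspicious_cron_entries(SAMPLE):
        tag = "runs every 5 hours" if five_hourly else "other schedule"
        print(f"line {no}: [{schedule}] {command} ({tag})")
```

Any hit deserves review regardless of schedule, since cron jobs do not normally execute files from a browser plug-in folder.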