OSX/TrojanDownloader.Jahlav [Threat Name] go to Threat
OSX/TrojanDownloader.Jahlav.NAL [Threat Variant Name]
|Signature database version||6172 (Jun 01, 2011)|
OSX/TrojanDownloader.Jahlav.NAL is a trojan which tries to download other malware from the Internet.
When executed, the trojan copies itself into the /Library/Internet Plug-Ins/ folder using the following name:
The trojan ensures it is run every 5 hours by adding an entry to the crontab configuration file.
The trojan contains an URL address. It tries to download several files from the address.
These are stored in the following locations:
A string with variable content is used instead of %variable% .
The files are then executed. The HTTP protocol is used.