OSX/TrojanDownloader.Jahlav [Threat Name] go to Threat

OSX/TrojanDownloader.Jahlav.NAN [Threat Variant Name]

Category trojan
Size 526 B
Detection created Nov 03, 2011
Signature database version 6597
Aliases Trojan.Mac.Dnscha.b (Kaspersky)
  OSX.RSPlug.A (Symantec)
  Linux.DnsChanger.A (BitDefender)
Short description

OSX/TrojanDownloader.Jahlav.NAN is a trojan that prevents access to certain web sites and reroutes traffic to certain IP addresses.

Installation

When executed, the trojan copies itself into the /Library/Internet Plug-Ins folder using the following names:

  • plugins.settings
  • sendreq

The trojan ensures it is run every 60 s by adding an entry to the crontab configuration file.

Information stealing

The trojan collects the following information:

  • computer name
  • CPU information

The trojan attempts to send gathered information to a remote machine.


The trojan contains an URL address. The HTTP protocol is used.

Other information

OSX/TrojanDownloader.Jahlav.NAN is a trojan that prevents access to certain web sites and reroutes traffic to certain IP addresses.


The trojan contains a list of (2) IP addresses.

Please enable Javascript to ensure correct displaying of this content and refresh this page.