OSX/TrojanDownloader.Jahlav [Threat Name]
OSX/TrojanDownloader.Jahlav.NAN [Threat Variant Name]
Category | trojan |
Size | 526 B |
Detection created | Nov 03, 2011 |
Detection database version | 10552 |
Aliases | Trojan.Mac.Dnscha.b (Kaspersky), OSX.RSPlug.A (Symantec), Linux.DnsChanger.A (BitDefender) |
Short description
OSX/TrojanDownloader.Jahlav.NAN is a trojan that prevents access to certain web sites and reroutes traffic to certain IP addresses.
Installation
When executed, the trojan copies itself into the /Library/Internet Plug-Ins folder using the following names:
- plugins.settings
- sendreq
The trojan ensures it is run every 60 s by adding an entry to the crontab configuration file.
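A host check for the two installation artefacts described above, as an added example that is not part of the original description or any vendor tool. The function names are hypothetical, the sample tree and crontab lines are constructed, and the check assumes the cron entry references the copied file by name or folder, which the description does not state.

```shell
#!/bin/sh
# Added example: look for the file names and cron persistence named above.
PLUGIN_DIR='Library/Internet Plug-Ins'

# jahlav_check ROOT CRON_DUMP
#   ROOT      - filesystem root to inspect ("/" live, or a mounted image)
#   CRON_DUMP - file holding crontab text (saved output of `crontab -l`)
# Prints one finding per line; returns 1 if anything was found, 0 if clean.
jahlav_check() {
    root=${1%/} cron=$2 hits=0
    for name in plugins.settings sendreq; do
        path="$root/$PLUGIN_DIR/$name"
        if [ -e "$path" ]; then
            echo "file: $path"
            hits=$((hits + 1))
        fi
    done
    # Assumption: the cron entry points at the copied file, so flag any active
    # (non-comment) crontab line mentioning the folder or either file name.
    if [ -r "$cron" ]; then
        while IFS= read -r line || [ -n "$line" ]; do
            case $line in
                '#'*|'') continue ;;
            esac
            case $line in
                *"Internet Plug-Ins"*|*plugins.settings*|*sendreq*)
                    echo "cron: $line"
                    hits=$((hits + 1)) ;;
            esac
        done < "$cron"
    fi
    [ "$hits" -eq 0 ]
}

# Constructed sample: a throwaway tree with one planted (empty) file and a
# crontab dump whose every-minute entry is made up for illustration.
jahlav_demo() {
    tmp=$(mktemp -d) || return 2
    mkdir -p "$tmp/root/$PLUGIN_DIR"
    : > "$tmp/root/$PLUGIN_DIR/sendreq"
    printf '%s\n' '# nightly backup' '0 3 * * * /usr/local/bin/backup.sh' \
        '* * * * * "/Library/Internet Plug-Ins/plugins.settings"' > "$tmp/cron.txt"
    jahlav_check "$tmp/root" "$tmp/cron.txt"
    rc=$?
    rm -rf "$tmp"
    return "$rc"
}
```

On a live system, save each user's `crontab -l` output to a file and pass it with `/` as the root; a hit on the file names alone is a lead to investigate, not a confirmed detection.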
Information stealing
The trojan collects the following information:
- computer name
- CPU information
The trojan attempts to send gathered information to a remote machine.
The trojan contains a URL. The HTTP protocol is used for communication.
Other information
The trojan contains a list of 2 IP addresses.