OSX/Olyx [Threat Name]

OSX/Olyx.A [Threat Variant Name]

Category: trojan
Size: 50956 B
Detection created: Jul 06, 2011
Signature database version: 6270
Aliases: Backdoor.OSX.Olyx.a (Kaspersky), Backdoor:OSX/Olyx.A (F-Secure), Backdoor.Olyx (Symantec)

Short description

OSX/Olyx.A installs a backdoor that can be controlled remotely.

Installation

When executed, the trojan creates the following folder:

  • /Library/Application Support/google

The trojan creates the following files:

  • /Library/Application Support/google/startp
  • /tmp/t.plist
  • /tmp/google.tmp

The trojan creates copies of the following files (source, destination):

  • /tmp/t.plist, %home%/Library/LaunchAgents/www.google.com.tstart.plist

The following files are deleted:

  • /tmp/t.plist

The trojan executes the following files:

  • /Library/Application Support/google/startp
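
The file-system artifacts listed above can be checked for directly. The following is an added example, not part of the original entry: the function name `olyx_scan` and its ROOT argument are hypothetical, and it assumes %home% maps to /Users/<name> or /var/root.

```shell
#!/bin/sh
# Added example: look for the OSX/Olyx.A artifacts listed in this entry.
# olyx_scan [ROOT]  - ROOT is empty for the live system, or the mount point
# of a disk image under examination (hypothetical parameter).
# Prints one line per artifact found; returns 0 if any was found, 1 if none.
olyx_scan() {
    root="${1:-}"
    root="${root%/}"
    found=1

    # System-wide paths named in the entry. /tmp/t.plist is deleted by the
    # trojan after it is copied, so finding it suggests an interrupted install.
    for p in \
        "/Library/Application Support/google" \
        "/Library/Application Support/google/startp" \
        "/tmp/google.tmp" \
        "/tmp/t.plist"
    do
        if [ -e "$root$p" ]; then
            printf 'FOUND %s\n' "$root$p"
            found=0
        fi
    done

    # %home% expands per user. Assumption: homes live under /Users, plus
    # /var/root for the root account (standard macOS layout).
    for home in "$root"/Users/* "$root/var/root"; do
        agent="$home/Library/LaunchAgents/www.google.com.tstart.plist"
        if [ -e "$agent" ]; then
            printf 'FOUND %s\n' "$agent"
            found=0
        fi
    done
    return "$found"
}
```

Call `olyx_scan` with no argument on a live system, or pass the mount point of an image. The return status makes it usable in a fleet check or triage script.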

Other information

OSX/Olyx.A is a backdoor that receives data and instructions for its operation from the Internet or a remote computer in a botnet.


The trojan contains a list of (1) IP addresses. It tries to connect to the remote machine on port:

  • 80

The TCP protocol is used.


It can execute the following operations:

  • download files from a remote computer and/or the Internet
  • send files to a remote computer
  • various file system operations
  • execute shell commands
  • send the list of files on specific drive to a remote computer

Some examples follow.
