Sophos

OSX/Jahlav-A

Category
Type
What to do
Prevalence low high

Summary

 
Affected operating systems Macintosh
Protection available since 25 November 2008 16:32:56 (GMT)
Detected by All Sophos products
  • Endpoint Security and Control 9.0
  • Small business solutions 4.0

Action

More Information

OSX/Jahlav-A is a Trojan created for the Mac OS X operating system. The initial malicious installer is distributed to free downloading web sites purporting to be a key generator for cracking applications.

As a part of the installation a malicious shell script file AdobeFlash is created in /Library/Internet Plug-Ins folder and setup to periodically run. The script contains another shell script in an encoded format which in turn contains a Perl script with the main malicious payload.

The perl script uses http to communicate with a remote website and download code supplied by the attacker.

RSS|Atom
Get reports about the latest virus and spyware threats delivered to your computer