Sophos


OSX/Jahlav-C


Summary

 
Affected operating systems: Macintosh
Protection available since: 10 June 2009 15:07:17 (GMT)
Last updated: 27 August 2009 08:28:37 (GMT)
Detected by: All Sophos products


More Information

OSX/Jahlav-C is a Trojan created for the Mac OS X operating system. It is used to deliver malicious code to the infected computer. The initial installer is distributed in the guise of a missing Video ActiveX Object, as described on the SophosLabs blog.

OSX/Jahlav-C creates a malicious shell script file named AdobeFlash in the /Library/Internet Plug-Ins folder and sets it to run periodically. The script contains another shell script in an encoded format, which in turn contains a Perl script with the main malicious payload.

The Perl script uses HTTP to communicate with a remote website and download code supplied by the attacker.
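A defender can check a Mac for the persistence pattern described above. The following is an added example, not Sophos code: it lists files in a plug-in folder that are scripts rather than plug-in bundles, and scheduled entries that point into that folder. It assumes the periodic run is a cron entry (the description above says only that the script is set to run periodically); the function names and the PLUGDIR variable are illustrative.

```shell
#!/bin/sh
# Added detection sketch (not Sophos code) for the persistence described above:
# a shell script dropped into the Internet Plug-Ins folder and run periodically.

# find_script_plugins DIR
# Print regular files directly under DIR whose first two bytes are "#!".
# Plug-ins are normally bundles (directories), so a top-level script in this
# folder, such as one named AdobeFlash, deserves a closer look.
find_script_plugins() {
    dir=$1
    [ -d "$dir" ] || return 0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        head -c 2 "$f" 2>/dev/null | grep -q '^#!' && printf '%s\n' "$f"
    done
    return 0
}

# find_sched_refs DIR
# Read crontab-format text on stdin and print the non-comment lines that
# mention DIR. The folder name contains a space, so the backslash-escaped
# spelling ("Internet\ Plug-Ins") is matched as well as the plain one.
# Assumption: the scheduling mechanism is cron.
find_sched_refs() {
    esc=$(printf '%s' "$1" | sed 's/ /\\ /g')
    grep -v '^[[:space:]]*#' | grep -F -e "$1" -e "$esc" || true
}

# Stand-alone use: check the system folder and the current user's crontab.
# Set PLUGDIR to audit a mounted disk image or a copy of the folder instead.
PLUGDIR=${PLUGDIR:-/Library/Internet Plug-Ins}
find_script_plugins "$PLUGDIR"
crontab -l 2>/dev/null | find_sched_refs "$PLUGDIR"
```

Any path printed should be inspected by hand before removal; run the crontab check for each account of interest, since `crontab -l` covers only the invoking user.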
