Threat Encyclopedia

OSX_JAHLAV.D

Malware type: Others

Aliases: No Alias Found

In the wild: Yes

Destructive: No

Language: English

Platform: Mac OS X

Encrypted: No

Overall risk rating:

Reported infections:

Damage potential: Medium

Distribution potential: Low

Description: 

Trend Micro has flagged this malware as noteworthy due to the increased potential for damage, propagation, or both, that it possesses.

To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.

OSX_JAHLAV.D Behavior Diagram

This malware may be downloaded unknowingly by a user when visiting malicious Web sites. The said Web site encourages users to download a codec needed to play a video on the said site.

It arrives as a .DMG file that contains an installer package. The said installer package contains component files and malicious scripts. These malicious scripts are detected by Trend Micro as UNIX_JAHLAV.D.

It displays the following user interface upon execution:

{Fake GUI}

While this malware is supposedly installing an application, it executes UNIX_JAHLAV.D in the background. As a result, routines of the executed scripts are exhibited on the affected system.


Description created: Aug. 7, 2009 11:00:29 AM GMT -0800


TECHNICAL DETAILS

File type: Other

Memory resident: No

Size of malware: 24,683 Bytes

Initial samples received on: Aug 7, 2009

Related to: UNIX_JAHLAV.D

Payload 1: Drops files

Details:

This malware may be downloaded unknowingly by a user when visiting malicious Web sites. The said Web site encourages users to download a codec needed to play a video on the said site.

It arrives as a .DMG file that contains an installer package. The said installer package contains component files and the following malicious scripts, which are detected by Trend Micro as UNIX_JAHLAV.D:

  • Install.pkg\Contents\Resources\preinstall
  • Install.pkg\Contents\Resources\preupgrade

It displays the following user interface upon execution:

{Fake GUI}

While this malware is supposedly installing an application, it executes UNIX_JAHLAV.D in the background. As a result, routines of the executed scripts are exhibited on the affected system.

This malware runs on Mac OS X systems.
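The delivery path described above (a .DMG carrying an installer package whose Contents/Resources/preinstall and preupgrade scripts run while a fake GUI is shown) can be triaged by listing the installer script hooks inside an unpacked bundle-style .pkg. The following is an added example, not Trend Micro's code: it constructs a placeholder package layout mirroring the paths listed above, then reports each hook script, its interpreter line and whether it is executable. The script names beyond preinstall and preupgrade are the other standard Apple installer hook names, added here for completeness.

```python
import os
import stat
import tempfile

# Installer script hooks that run outside the visible installer UI. The page
# names preinstall and preupgrade; the rest are the other standard hook names.
SCRIPT_HOOKS = {"preflight", "preinstall", "preupgrade",
                "postinstall", "postupgrade", "postflight"}


def find_installer_scripts(pkg_root):
    """Walk an unpacked bundle-style .pkg and report its script hooks.

    Returns sorted (relative path, shebang line, executable flag) tuples so an
    analyst can see which scripts would run silently during installation.
    """
    findings = []
    for dirpath, _dirs, filenames in os.walk(pkg_root):
        for name in filenames:
            if name not in SCRIPT_HOOKS:
                continue
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, pkg_root)
            with open(full, "rb") as fh:
                first = fh.readline().rstrip(b"\r\n")
            shebang = first.decode("utf-8", "replace") if first.startswith(b"#!") else ""
            is_exec = bool(os.stat(full).st_mode & stat.S_IXUSR)
            findings.append((rel, shebang, is_exec))
    return sorted(findings)


def build_sample_pkg(base):
    """Constructed placeholder layout (not a real sample) matching the page's paths."""
    res = os.path.join(base, "Install.pkg", "Contents", "Resources")
    os.makedirs(res)
    for hook in ("preinstall", "preupgrade"):
        path = os.path.join(res, hook)
        with open(path, "w") as fh:
            fh.write("#!/bin/sh\n# constructed placeholder body, does nothing\n")
        os.chmod(path, 0o755)
    with open(os.path.join(res, "package_version"), "w") as fh:
        fh.write("1.0\n")  # non-script resource, must not be reported
    return os.path.join(base, "Install.pkg")


def triage_sample():
    """Build the constructed package in a temp dir and return its findings."""
    with tempfile.TemporaryDirectory() as tmp:
        return find_installer_scripts(build_sample_pkg(tmp))


if __name__ == "__main__":
    for rel, shebang, is_exec in triage_sample():
        print(f"{rel}: interpreter={shebang or 'none'} executable={is_exec}")
```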

Analysis By: Sabrina Sioting

Revision History:

First pattern file version: 6.348.05
First pattern file release date: Aug 07, 2009

SOLUTION
Minimum scan engine version needed: 8.700

Pattern file needed: 6.349.00

Pattern release date: Aug 7, 2009


Important note: The "Minimum scan engine" refers to the earliest Trend Micro scan engine version guaranteed to detect this threat. However, Trend Micro strongly recommends that you update to the latest version in order to get comprehensive protection. Download the latest scan engine here.

Solution:

Step 1: Remove malware files related to OSX_JAHLAV.D

Step 2: Scan your computer with your Trend Micro product to delete files detected as OSX_JAHLAV.D

*Note: If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check this Knowledge Base page for more information.
