2008 December 10 « iThreats

OSX/Jahlav evading scanners detection

December 10, 2008 Methusela Cebrian Ferrer Leave a comment

OSX/Jahlav new variant shows a little trick to evade AV (security scanners ) detection.

preinstall3 The same trick for the next script …

preinstall_drop3 So it stops here since the last decoded script remains the same except on the IP address value.

Unfortunately, this changes affects the container as well which is the DMG file. Overall, we are not seeing significant change here although it is obvious the author wants to maximize infection.

Categories: Malwares Tags: Begin 666 intego, begin 777 you-are-lucky, Jahlav, MacAccess, os, osx backdoor, osx trojan

	Scott on How to Remove Starfield
	Ratan on Summary of ASF File Speci…
	loewenherz.cc … on Summary of ASF File Speci…
	N. Cheatham on Analysis of OSX Starfield
	Rudolf Jockers on Just a note…

M	T	W	T	F	S	S
« Nov				Jan »
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30	31

iThreats

Archive

OSX/Jahlav evading scanners detection

Threat Researcher

Blog Stats

Twitter Updates

Pictures of the Day

AV Blogroll

Home

Latest Advisories

Top Posts

Recent Comments

Recent Posts

Meta

Archives

Reference

Follow “iThreats”