Trend Micro - New Variant of Trojan ‘JAHLAV’ Detected

Ivan Macalintal, a researcher at Trend Micro, has discovered an additional variant of the JAHLAV Trojan that is hosted on malicious domains.

The reports state that the variant, detected as OSX_JAHLAV.I, poses as counterfeit editions of legitimate software, like earlier JAHLAV samples, and also alters the infected computer's DNS (Domain Name System) settings.

In a posting on his blog, Macalintal warns that the Trojan might be downloaded inadvertently when a user accesses a malicious website.

He also explains that the new JAHLAV variant carries several obfuscated scripts that, when decrypted, produce a Perl script, which Trend Micro identified as PERL_JAHLAV.F. This script sends an HTTP (Hypertext Transfer Protocol) GET request to a particular Internet Protocol address to download an additional malicious Perl script.

Moreover, OSX_JAHLAV.I also poses as counterfeit versions of Foxit Reader and a number of antivirus programs. As with OSX_JAHLAV.B, the JAHLAV variant discovered in June 2009, at least one website hosting OSX_JAHLAV.I might install malware on Windows computers.

Meanwhile, security researchers such as Macalintal said that since the discovery of the new JAHLAV variant, malware attacks targeting Mac computers have been increasing in number.

Consequently, the researchers forecast that attackers' desire to attack and the means to carry out such attacks are finally converging. This combination could trigger, for the first time, a grave malware attack of the kind discussed against Macs. As attackers prepare for a fresh surge of malicious software aimed at Apple systems, it is widely predicted that numerous Mac users will be caught unaware.

The forecasters also say that when creators of malicious programs release something highly sophisticated, security companies will find a large number of users who are susceptible to it.

To stay protected from the latest JAHLAV variant, Trend Micro suggests that all Mac and Windows users deploy up-to-date security software, or run an antivirus scan if they think their computer is infected with the malware. Finally, users should avoid unprotected websites, as such sites could compromise their systems.


» SPAMfighter News - 9/8/2009
