More Mac malware
UPDATE:
Totally undetected variant found:
From the following site:
The Windows version is detected, but not by many vendors:
——————————–
As I was browsing different crack sites with a spoofed user agent (Safari) I came across another Jahlav OSX Trojan:
Note that the extension shown at the bottom of the previous snapshot is “.exe”, but when I click on the link it is converted into a “.dmg”.
Very few vendors are detecting this variant:
I did a background check on the original crack site. All bad stuff!
IP: 213.182.197.8
IP Country: Latvia
This IP address resolves to mxs.newhostgroup.ru
34 Hosts on this IP
More fake codecs from faretransy.com:
I will keep monitoring those links and pass on the information to other security folks.
Those links are dangerous, so proceed with caution.
Jerome Segura