UPDATE:
Totally undetected variant found: [image]

From the following site: [image]

The Windows version is detected, but not by many vendors: [image]

--------------------------------

As I was browsing different crack sites with a spoofed user agent (Safari), I came across another Jahlav OSX Trojan: [image]

See the extension at the bottom of the previous snapshot is for an ".exe", but when I click on the link it converts it into a ".dmg": [image]

Very few vendors are detecting this variant: [image]

I did a background check on the original crack site. All bad stuff!

IP: 213.182.197.8
IP Country: Latvia
This IP address resolves to mxs.newhostgroup.ru
34 Hosts on this IP

More fake codecs from faretransy.com: [image]

I will keep monitoring those links and pass on the information to other security folks. Those links are dangerous, so proceed with caution.

Jerome Segura