This Trojan arrives as an attachment to email messages spammed by other malware/grayware or malicious users.
This Trojan drops and executes the following files:
- /tmp/launch-hs - a script that loads /tmp/launch-hse and /tmp/file.doc
- /tmp/launch-hse - detected by Trend Micro as either OSX_KONTROL.HVN or OSX_KONTROL.EVL
It drops the following non-malicious file:
This Trojan takes advantage of the following software vulnerabilities to drop malicious files:
It executes the dropped file(s). As a result, malicious routines of the dropped files are exhibited on the affected system.
This malware is a Microsoft Word document file. If opened in Windows OS, the malicious routine does not execute successfully. However, if opened in Mac OS X, the malicious routine executes successfully.