Last week Mac Blorge brought you news of the iWork trojan (OSX.Trojan.iServices.A) and how to remove it. Well, today we’re back with news of a fresh variant circulating among the torrents that comes “packaged” with a pirated copy of Photoshop CS4 for Mac.
According to Intego, the OSX.Trojan.iServices.B is bundled with copies of Adobe’s current-gen image editor. Like the iWork variant, pirates get a working copy of the desired software though installation leaves the user infected.
Specifically, the OSX.Trojan.iServices.B is a found within a crack application used to serialize Photoshop CS 4″”the application installer itself is actually clean.
“After downloading this version of Photoshop, users will run the crack application to be able to use it. The crack application extracts an executable from its data, than installs a backdoor in /var/tmp/, a directory which is not deleted when the computer is restarted. (If the user runs the crack application again, the Trojan horse creates a new executable with a different name; these random names make it harder to ensure safe removal of the malware),” according to Intego.
Yes, OSX.Trojan.iServices.B could be used to access your data, install other software (ie additional processes, backdoors, etc) and is generally considered to be nasty, though DDoS appears to be the modus operandi to date for variants of this trojan.
Intego advises that as of yesterday morning, nearly 5,000 had downloaded OSX.Trojan.iServices.B. Yes, the company has issued updated definitions for VirusBarrier X5 ($69.95, see also VirusBarrier review).
Obviously someone has made a hobby of the iServices trojan and probably will continue making new variants until Mac users stop trusting and installing the pirated software found on BitTorrent and other P2P networks.
Bottom line? Don’t pirate software and it couldn’t hurt to install antivirus software. I use VirusBarrier X5. ClamXav (freeware), Norton AntiVirus ($49.95), and MacScan ($29.99) are other potential solutions.
Are you running AV software? Sound off below with your reasons for using (or not using)…