Intego discovers iServices trojan in Photoshop serializer

January 26, 2009

Last week Mac Blorge brought you news of the iWork trojan (OSX.Trojan.iServices.A) and how to remove it. Well, today we’re back with news of a fresh variant circulating among the torrents that comes “packaged” with a pirated copy of Photoshop CS4 for Mac.

According to Intego, OSX.Trojan.iServices.B is bundled with copies of Adobe’s current-gen image editor. As with the iWork variant, pirates get a working copy of the desired software, though installation leaves the user infected.

Specifically, OSX.Trojan.iServices.B is found within a crack application used to serialize Photoshop CS4; the application installer itself is actually clean.

“After downloading this version of Photoshop, users will run the crack application to be able to use it. The crack application extracts an executable from its data, then installs a backdoor in /var/tmp/, a directory which is not deleted when the computer is restarted. (If the user runs the crack application again, the Trojan horse creates a new executable with a different name; these random names make it harder to ensure safe removal of the malware),” according to Intego.

As is the case with all trojans, the user must provide his administrator password in order for this particular type of malware to function. In this case, the crack application installs an executable file in the Startup Items (/System/Library/StartupItems/DivX) with full root privileges, which then opens a network back door that is used to perpetrate a DDoS attack (distributed denial-of-service attack) on another computer.
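The two locations named above can be checked from Terminal. The following is an added example, not Intego's removal procedure or code from this article: the paths come from the text, while the function names and the use of Mach-O magic numbers to spot randomly named executables in /var/tmp are assumptions made here.

```shell
#!/bin/sh
# Added example: look for the two artifacts the article names.
# Usage: check_iservices /        (or pass a mounted backup volume)

# Print the first four bytes of a file as lowercase hex, e.g. "cffaedfe".
magic_of() {
    od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n'
}

# Return 0 if the file starts with a Mach-O or universal-binary magic number.
# (Assumption: the dropped backdoor is a native Mac executable.)
is_macho() {
    case "$(magic_of "$1")" in
        feedface|cefaedfe|feedfacf|cffaedfe|cafebabe) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one finding per line; return 1 if anything was found, 0 if clean.
check_iservices() {
    root="${1:-/}"
    found=0
    startup="${root%/}/System/Library/StartupItems/DivX"
    if [ -e "$startup" ]; then
        echo "STARTUP_ITEM $startup"
        found=1
    fi
    # The backdoor's file name is random, so match on file type, not name.
    for f in "${root%/}"/var/tmp/* "${root%/}"/var/tmp/.[!.]*; do
        [ -f "$f" ] || continue
        if is_macho "$f"; then
            echo "MACHO_IN_VAR_TMP $f"
            found=1
        fi
    done
    return "$found"
}
```

A Mach-O file in /var/tmp is a lead to investigate rather than proof of infection, since legitimate software occasionally leaves binaries there.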

Yes, OSX.Trojan.iServices.B could be used to access your data or install other software (i.e., additional processes, backdoors, etc.) and is generally considered to be nasty, though DDoS appears to be the modus operandi to date for variants of this trojan.

Intego advises that as of yesterday morning, nearly 5,000 people had downloaded OSX.Trojan.iServices.B. Yes, the company has issued updated definitions for VirusBarrier X5 ($69.95, see also VirusBarrier review).

Obviously someone has made a hobby of the iServices trojan and probably will continue making new variants until Mac users stop trusting and installing the pirated software found on BitTorrent and other P2P networks.

Bottom line? Don’t pirate software, and it couldn’t hurt to install antivirus software. I use VirusBarrier X5. ClamXav (freeware), Norton AntiVirus ($49.95), and MacScan ($29.99) are other potential solutions.

Are you running AV software? Sound off below with your reasons for using (or not using)…


Copyright © 2014 NS