A new variant of a Trojan is targeting users of pirated Adobe Photoshop CS4 software. The Trojan is related to malware uncovered last week that was packaged with pirated copies of iWork '09.
Users of pirated software have a new headache to worry about. For the second
time in less than two weeks, malware targeting Mac computers has surfaced
on the Web.
According to an advisory from Intego, OSX.Trojan.iServices.B is a variant of
the iServices Trojan
the company found last week targeting pirated copies of iWork '09. This time,
the malware has its sights set on versions of Adobe Photoshop CS4 downloaded
via BitTorrent trackers and other sites containing links to pirated software.
"The actual Photoshop installer is clean, but the Trojan horse is found in a
crack application that serializes the program," Intego's advisory reads.
As of 6 a.m. EST on Jan. 25, nearly 5,000 people are believed to have
downloaded the Trojan, according to the advisory.
After downloading this version of Photoshop, users will run the crack
application to be able to use it, the advisory continues. The crack
application extracts an executable from its data and installs a backdoor
in /var/tmp/, which is not deleted when the computer is restarted.
The crack application then requests an administrator password and
launches the backdoor with root privileges, the advisory continues. The
program saves the root hash password in the file /var/root/.DivX. In addition,
it listens on a random TCP port, answers requests such as GET / HTTP/1.0 by
sending a 209-byte packet and makes repeated connections to two IP addresses.
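A triage check for the on-disk artifacts described above, as an added example that is not from Intego's advisory or the original article. The function names and finding labels are made up for illustration; the page does not name the backdoor file, so the script lists every executable in /var/tmp/ for review instead of matching a name.

```shell
#!/bin/sh
# Added example: look for the on-disk artifacts the advisory describes.
# Usage: sudo sh iservices_triage.sh /            (live system; /var/root needs root)
#        sh iservices_triage.sh /Volumes/IMAGE    (mounted copy of a disk)

# Print one finding per line for the file system rooted at $1.
iservices_findings() {
    root="${1%/}"    # "/" becomes "", so paths below resolve on the live system

    # Artifact 1: the file where the Trojan saves the root password hash.
    if [ -e "$root/var/root/.DivX" ]; then
        echo "password-hash-file $root/var/root/.DivX"
    fi

    # Artifact 2: the backdoor executable installed in /var/tmp/, which
    # survives a restart. Every executable regular file there (hidden ones
    # included) is reported so an analyst can review it.
    if [ -d "$root/var/tmp" ]; then
        find "$root/var/tmp" -type f -perm -100 2>/dev/null |
            while IFS= read -r f; do
                echo "executable-in-var-tmp $f"
            done
    fi
}

# Print the findings; return 0 when there are none, 1 otherwise.
iservices_check() {
    out=$(iservices_findings "$1")
    if [ -z "$out" ]; then
        return 0
    fi
    printf '%s\n' "$out"
    return 1
}

# Run only when a root path is given on the command line.
if [ "$#" -gt 0 ]; then
    iservices_check "$1"
fi
```

An executable in /var/tmp/ is not proof of infection on its own; the finding is a prompt to inspect the file and the listening TCP ports on that machine.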
"Since the malicious software connects to a remote server over the Internet,
the creator of this malware will be alerted that this Trojan horse is installed
on different Macs, and will have the ability to connect to them and perform
various actions remotely," the advisory reads. "The Trojan horse may also
download additional components to an infected Mac."
Last week, the original version of the malware was found in pirated copies
of Apple's iWork '09. By 6 a.m. EST
Jan. 22, the Trojan reportedly had infected some 20,000 users of the pirated
iWork '09. A free tool to remove this Trojan is available on SecureMac.
Although Mac users have historically had a relatively easy time when it comes
to malware (the number of viruses targeting the Mac is far lower than the
number targeting Microsoft Windows), the incident does underscore the dangers
of downloading pirated software.
"Intego recommends that users never download and install software from
untrusted sources or questionable Web sites," the advisory states.