Trojan! (on Mac)

A "reward" is being paid to software pirates who illegally download iWork '09 or Photoshop CS4, according to a report I came across on the same old website, AppleInsider.


Trojan found in iWork '09

iWork '09

Intego, a maker of security software for the Mac, reported last week that it had discovered a trojan called "OSX.Trojan.iServices.A" in pirated copies of Apple's iWork '09 downloaded from BitTorrent file-sharing networks. The pirated installer carries an additional package called "iWorkServices.pkg", which is not found in retail copies of iWork, and it is installed as a startup item with Read/Write/Execute abilities.

The trojan connects to a remote server to notify its creator that it has been installed on different Macs, and he or she can then "connect to them and perform various actions remotely", including downloading additional components to the machine.

Intego considers this a "Serious Risk" of infection, warning of "extremely serious consequences" if a user's Mac is compromised by the software. At least 20,000 people had already downloaded the installer at the time of Intego's alert.

In its latest update on Monday, Intego said that Macs infected with the trojan are being pushed new code that downloads in the background and is then used to facilitate a DDoS (distributed denial of service) attack on certain websites.

Photoshop CS4

A new variant of the same Trojan horse, called "OSX.Trojan.iServices.B", can be found in pirated versions of Adobe Photoshop CS4. At least 5,000 people had already downloaded it.

Trojan found in Photoshop CS4

The installer compromises the system not by installing an additional package, but through a crack application that serialises the program for use without a purchased retail key. This app extracts an executable from its data and installs a backdoor in /var/tmp. If the user runs the crack application again, a new executable with a different random name is created, making it difficult to safely remove the malware.

Administrator Executable

Once the Administrator password is entered, a backdoor with root privileges is launched, which copies the executable to /usr/bin/DivX and places a startup item in /System/Library/StartupItems/DivX. It then makes repeated connections to two IP addresses, according to Intego.

A malicious user can then connect to the affected Macs and perform various actions and downloads remotely. Intego predicts this Trojan horse may also be used to execute similar DDoS attacks.
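A check for the on-disk traces of the .B variant described above, written as an added example and not code from Intego or from this post. The function name, the optional root argument and the output format are assumptions; the paths are the ones quoted above.

```shell
#!/bin/sh
# Added example: look for the file-system traces this post attributes to
# OSX.Trojan.iServices.B. ROOT defaults to "/"; pass a mounted volume or a
# test directory to examine something other than the running system.

# Paths quoted in the post (via Intego); nothing beyond them is assumed.
IOC_BINARY="usr/bin/DivX"
IOC_STARTUP="System/Library/StartupItems/DivX"
IOC_DROPDIR="var/tmp"

scan_iservices_b() {
    root="${1:-/}"
    root="${root%/}"      # "/" becomes "", "/Volumes/x/" becomes "/Volumes/x"
    hits=0

    # Fixed-name artefacts: the copied backdoor and its startup item.
    for rel in "$IOC_BINARY" "$IOC_STARTUP"; do
        if [ -e "$root/$rel" ] || [ -L "$root/$rel" ]; then
            echo "FOUND /$rel"
            hits=$((hits + 1))
        fi
    done

    # The crack application drops a randomly named executable on every run,
    # so match on file type and mode instead of on a name.
    if [ -d "$root/$IOC_DROPDIR" ]; then
        for f in "$root/$IOC_DROPDIR"/* "$root/$IOC_DROPDIR"/.[!.]*; do
            [ -f "$f" ] && [ -x "$f" ] || continue
            echo "REVIEW /$IOC_DROPDIR/${f##*/}"
            hits=$((hits + 1))
        done
    fi

    echo "TOTAL $hits"
    # Exit status 0 means nothing was flagged, non-zero means look closer.
    [ "$hits" -eq 0 ]
}
```

Call it as `scan_iservices_b` for the running system or `scan_iservices_b /Volumes/Backup` for another volume. A REVIEW line only means an executable sits in /var/tmp; it still has to be inspected before it is treated as the backdoor.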

So the conclusion is: do not download any pirated software! This is the price you will have to pay!

 


Meet The Author




"Mathematician and Computer Scientist who spend most of time doing other things..."

Read more in "About"

------P.Vajrasthira-----