New Variant of Mac Trojan Horse iServices found in Adobe Photoshop CS4

Security software firm Intego reports that pirated copies of Adobe Photoshop CS4 may contain a variant of the “trojan horse” malware first reported in copies of Apple iWork ’09 last week.

The malware is being called OSX.Trojan.iServices.B. It affects some copies of Adobe Photoshop that are being distributed through pirate software sites.


According to Intego, “The actual Photoshop installer is clean, but the Trojan horse is found in a crack application that serializes the program.”

The crack application installs a backdoor in the /var/tmp directory, copies an executable to /usr/bin/DivX and saves a hash of the root password in the file /var/root/.DivX, according to Intego.

It then listens on a random TCP port and attempts to make repeated connections to two IP addresses.

Intego concludes that the creator of the malware intends to be alerted through this method and may have the ability to connect to affected Macs and perform various actions remotely.

“The Trojan horse may also download additional components to an infected Mac,” reads Intego’s security alert.

Mac users concerned about this issue are advised to install and run security software to protect themselves. Obviously, the best practice remains to only acquire your software legitimately and through trusted sources.
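
The file locations Intego lists can be checked directly; the following is an added example, not code from Intego or Macworld. The function name, the optional root-prefix argument (for scanning a mounted volume) and the `IOC_HITS`/`IOC_REVIEW` variables are assumptions of this example; the two paths come from the article.

```shell
#!/bin/sh
# Added example: triage for the file indicators named in the article.
# Call check_iservices_b with no argument for the live system (as root, since
# /var/root is unreadable otherwise) or with a mounted volume, e.g. a disk image.

IOC_PATHS="/usr/bin/DivX /var/root/.DivX"   # paths reported by Intego

check_iservices_b() {
    root="${1:-}"
    root="${root%/}"      # "/" or a trailing slash collapses so paths join cleanly
    IOC_HITS=0            # named indicator files that exist
    IOC_REVIEW=0          # executables in /var/tmp that need a manual look

    # Without permission to enter /var/root, a missing-file result means nothing.
    if [ -d "$root/var/root" ] && [ ! -x "$root/var/root" ]; then
        echo "warning: cannot read $root/var/root, rerun as root" >&2
    fi

    for p in $IOC_PATHS; do
        if [ -e "$root$p" ] || [ -L "$root$p" ]; then
            echo "FOUND   $root$p"
            ls -ld "$root$p"
            IOC_HITS=$((IOC_HITS + 1))
        else
            echo "absent  $root$p"
        fi
    done

    # The article gives no file name for the backdoor in /var/tmp, so list
    # owner-executable regular files there instead of matching a name.
    if [ -d "$root/var/tmp" ]; then
        list=$(find "$root/var/tmp" -type f -perm -100 2>/dev/null || true)
        if [ -n "$list" ]; then
            IOC_REVIEW=$(printf '%s\n' "$list" | wc -l | tr -d ' ')
            printf '%s\n' "$list" | sed 's/^/review  /'
        fi
    fi

    echo "summary: $IOC_HITS indicator file(s), $IOC_REVIEW file(s) to review"
    [ "$IOC_HITS" -eq 0 ]   # exit status 0 = neither named file present
}
```

A clean result covers only these paths; Intego notes that the Trojan may download additional components.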
