Intego: Adobe CS4 crack app has variant of iServices trojan
The folks over at Intego let the world know about a new trojan making the rounds along with copies of an application designed to crack Adobe Creative Suite 4. They consider the risk "serious."
If you don't download software using peer-to-peer tools like BitTorrent, then you're perfectly safe. You can stop reading this story, if you like. If you're one of the 5,000 people who recently downloaded and installed the serial crack, then you have a bad day ahead of you.
The malware, after asking for your administrator password, installs an executable with a random name in /var/tmp, a folder that isn't deleted when the computer restarts.
The randomly-named program will install itself in /usr/bin/DivX, create a startup item in /System/Library/StartupItems/DivX, and if it has root privileges, save a hash of your password in the file /var/root/.DivX.
The software then listens on a random TCP port and awaits instructions from its evil overlords. With an infected computer's root password, those in control of the software will be able to execute commands on the infected computer, including deleting files and performing malicious network tasks.
Late last week, pirated copies of iWork '09 were infected with similar malware.
Intego VirusBarrier X4 and X5, as you might imagine, protect you against the Trojan. Either looking for (and removing) the files mentioned above or using a virus removal utility is recommended.
Also recommended: Not downloading pirated software (and its associated tools) on peer-to-peer networks. If you do choose to get your software that way, you have nobody to blame but yourself if your system gets infected.
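The manual check the article recommends (looking for the files mentioned above), as a shell example added here; it is not Intego's or TUAW's code. It tests the three paths the article names under a given root and lists executable files in /var/tmp, since the dropper's name there is random. The function names, the root argument and the sample directory tree are assumptions made for this example.

```shell
#!/bin/bash
# Added example: look for the file artifacts this article names.
# Paths come from the article; function names and the root argument are assumptions.
IOC_PATHS="/usr/bin/DivX /System/Library/StartupItems/DivX /var/root/.DivX"

# Print one line per indicator: FOUND, or UNCHECKED when the parent
# directory cannot be searched (e.g. /var/root without root privileges).
check_iocs() {
    root="${1%/}"
    for p in $IOC_PATHS; do
        parent=$(dirname "$root$p")
        if [ -d "$parent" ] && [ ! -x "$parent" ]; then
            echo "UNCHECKED $p"
        elif [ -e "$root$p" ] || [ -L "$root$p" ]; then
            echo "FOUND $p"
        fi
    done
}

# The executable dropped in /var/tmp has a random name, so it cannot be
# matched by name; list executable regular files there for manual review.
list_tmp_executables() {
    root="${1%/}"
    [ -d "$root/var/tmp" ] || return 0
    find "$root/var/tmp" -maxdepth 1 -type f -perm -100 2>/dev/null
}

# Build a constructed directory tree that imitates an affected volume.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/usr/bin" "$t/System/Library/StartupItems/DivX" "$t/var/tmp"
    : > "$t/usr/bin/DivX"
    : > "$t/var/tmp/qx7f2"          # constructed random-looking name
    chmod 755 "$t/var/tmp/qx7f2"
    : > "$t/var/tmp/notes.txt"      # non-executable, should not be listed
    chmod 644 "$t/var/tmp/notes.txt"
    echo "$t"
}

# Demo on the constructed tree; pass "/" as the first argument to check a live system.
demo=$(make_sample_tree)
check_iocs "${1:-$demo}"
list_tmp_executables "${1:-$demo}"
rm -rf "$demo"
```

Run it as root when checking `/`: `/var/root` is not searchable by other users, so the `.DivX` check would otherwise come back as UNCHECKED rather than as a result.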

Reader Comments (Page 1 of 2)
Me said 2:27PM on 1-26-2009
So is this new or just now found? I assume it is new since they say it is a modified or more advanced version of the iWork '09 trojan, but not sure?
Reply
Spud said 2:00AM on 1-27-2009
Anyone get the feeling the current spate of virus infected apps are being created by the AV manufacturers to get business?
Reply
ZX said 1:24PM on 1-26-2009
Mac security software maker Intego discovered....I find it very odd that INTEGO is the one that is finishing these security flauws
Reply
Flunky Carter said 9:58PM on 1-26-2009
I too find it odd that a company that makes anti-virus software is in the business of finding and alerting others that it found a virus.
Stupid ass.
Bradley said 4:40AM on 1-27-2009
FIX: Here it is.
http://macscan.securemac.com/files/iWorkServicesTrojanRemovalTool.dmg
Everybody is spending so much time calling people stupid, when those
unfortunate enough to get the trojan just need to know how to get rid
of it. Maybe it was silly, but you can be smart now.
TUAW - maybe you could put this on the main page?
ZX said 1:25PM on 1-26-2009
...finding these security flaws
Reply
scopeanime said 1:27PM on 1-26-2009
Why? Isn't it their job?
On topic, how stupid do you have to be to get infected with this? Seriously people...
Reply
ipod touch owner said 1:39PM on 1-26-2009
"Do you know this awesome game here?"
Hey, people jailbreak their iPod Touches and iPhones because of this great and marvellous thing a friend recommended (in fact it's a "Pull-my-finger-app with sounds of real farts", or in other words: something nobody needs at all). And then they begin to say: "Apple sucks! My iPod is wrecked!"
Look at the videos at Youtube. Someone is watching them... singing cats and birds and farts in a jar.
Someone even bought the famous wireless-lan-wire.
Yes, you could conclude: Mankind is stupid.
There's reason you should, too...
Cynthia said 1:40PM on 1-26-2009
"Stupidity" is exactly what the Trojan writer is counting on. If it was never a problem, then you never had to learn and, thus, remained "stupid."
People hopefully learn from their mistakes or the mistakes of others. The Mac community have not had their system tested enough (in the wild) to develop the good security practices that Windows and Unix admins have adopted.
The people that get infected with the trojan will be lucky if their hard drives are erased. I would rather that than have the computer turned into a kiddie porn server.
ipod touch owner said 1:33PM on 1-26-2009
Hi Robert,
your last sentence is quite misleading.
You can actually get those malicious software in EVERY non official (thus illegal) source on the net! Not only in peer-to-peer networks!
It is also very common (at least for Windows programs, and nowadays also for Mac) that those files are infected.
This also applies to videos/films, music, photos, in fact everything you can find in those "grey (and illegal) zones".
Reply
+. said 2:49PM on 1-26-2009
"This also applies to videos/films, music, photos, in fact everything you can find in those "grey (and illegal) zones"."
um, no. you don't have to enter your root password to watch a video, listen to music, or look at photos. these aren't things that need to be installed.
if a video, photo, or audio file asks you for a root password & you actually provide that, well, uh, you've got far bigger problems than having a trojan on your machine.
alansky said 4:01PM on 1-26-2009
"You can actually get those malicious software in EVERY non official (thus illegal) source on the net! Not only in peer-to-peer networks!" --ipod touch owner
Totally false on the Mac side. Let's be very clear here: 99.9% of all malicious exploits affect Windows computers, not Macs. Nor are Macs safe because of their insignificant market share. Apple is currently one of the most powerful brands on the planet, and the Mac's market share is growing daily. If OS X was as easy to crack as Windows, malicious coders would be doing it.
But I also agree with @Cynthia, who said: "The Mac community have not had their system tested enough (in the wild) to develop the good security practices that Windows and Unix admins have adopted."
The day may come when the demented geeks among us figure out how to infect unguarded Macs with relative ease, but thankfully that day hasn't come yet.
basscadet said 4:55AM on 1-27-2009
Yes, in an indirect way it also affects video files. Someone posts a fake vid torrent of a popular film. The video file contains only one screen that says something like "this file was encoded using X codec. Download X codec viewer from this address". Unsuspecting users go to that address and thinking they downloaded a player they actually install malware/spyware.
One can argue endlessly on how stupid people are but it all boils down on how internet savvy people are. Mac users are not more or less stupid than PC users, they have met less such incidents in their experience and might be less protected by having let their guard down.
balls said 1:47PM on 1-26-2009
Sadly, I think TUAW and most of the readers are missing a huge point.
Instead of talking about not pirating software, you should be talking about how to better secure your mac in case it does get attacked by a virus.
You are all saying that it's the user's fault for running cracks and using pirated software. True enough, but now all an attacker needs to do is get their payload into legitimate software sources. Not necessarily a trivial task, but there are plenty of vulnerable websites out there.
Reply
Moe said 1:57PM on 1-26-2009
"If you don't download software using peer-to-peer tools like BitTorrent, then you're perfectly safe."
This really should read "If you don't download software that you don't have a license to use then you're perfectly safe."
There's nothing wrong with peer-to-peer in general or BitTorrent in particular. Stop shooting the messenger, please.
Reply
robogobo said 6:10AM on 1-27-2009
amen
Drakhul said 2:37PM on 1-26-2009
I'm sorry, I must agree with the folks who say if you install cracked apps and catch a virus from it, tough $h!t. I don't see anyone actually infecting a legitimate version of software... they would have to actually have access to the source code and that is not very likely to happen.
Don't be such a cheapskate... BUY your software like you are supposed to. Software piracy leads to higher prices for those of us who do pay for it. If you can't afford it, you don't need it bad enough.
Reply
jimmy miller said 3:18PM on 1-26-2009
I honestly don't understand how piracy leads to higher prices. Ok, look at the people who pirate, for example, CS4. Do you think those people would actually buy CS4 if it was not possible to pirate? No. Therefore the company lost no money whatsoever. Thus no reason to raise prices.
Drakhul said 3:29PM on 1-26-2009
Piracy has a major impact on prices... if it were not for the nuggets stealing software, vendors would not have to go to the added expense of trying to make it pirate-resistant (I just made that term up).
The fact is that a lot of people who COULD afford software choose to pirate it because it's free...
fiilian said 7:27AM on 1-27-2009
"If you can't afford it, you don't need it bad enough."
So people who are starving don't need food bad enough?