Tens of thousands of users who’ve downloaded pirated versions of iWork ‘09 or Photoshop CS4 may have opened their Macs to remote attacks from malicious users. Mac security software maker Intego discovered last week what it calls “OSX.Trojan.iServices.A” in pirated copies of Apple’s iWork ‘09 making the rounds on BitTorrent file sharing networks. An additional package not found in retail copies of the iWork installer called “iWorkServices.pkg” is installed as a startup item with read/write/execute abilities with the pirated versions. According to Intego, the rogue software connects to a remote server to notify its creator that the trojan has been installed on different Macs, and he or she can “connect to them and perform various actions remotely”, including downloading additional components to the machine. Intego considers the risk of infection to be serious, warning of “extremely serious consequences” if a user’s Mac is compromised by software. The security firm said 20,000 people had already downloaded the installer at the time of its alert. As of now, Intego counts 1,000 more since the initial warning. As part of its update, Intego also says it has discovered a new variant of the same Trojan horse called “OSX.Trojan.iServices.B”, which can be found in pirated versions of Adobe Photoshop CS4. This installer has already been downloaded by 5,000 people who are now at risk, the firm says. Once the administrator password is entered, a backdoor with root privileges is launched, copying the executable to /usr/bin/DivX and a startup item in /System/Library/StartupItems/DivX. It then makes repeated connections to two IP addresses, according to Intego. A malicious user can then connect to the affected Macs and perform various actions and downloads remotely. Intego predicts this Trojan horse may also be used to execute similar DDoS attacks.


New Mac virus threatening internet pirates