October 31, 2024
Trojan Found in Pirated Adobe Photoshop CS4

Trojan Found in Pirated Adobe Photoshop CS4

Posted January 26, 2009 at 10:34am by iClarified
Intego has discovered a new variant of the iServices Trojan horse in Adobe Photoshop CS4 downloads.

This new Trojan horse, OSX.Trojan.iServices.B, like the previous version, is found in pirated software distributed via BitTorrent trackers and other sites containing links to pirated software. OSX.Trojan.iServices.B Trojan horse is found bundled with copies of Adobe Photoshop CS4 for Mac. The actual Photoshop installer is clean, but the Trojan horse is found in a crack application that serializes the program.

Trojan Found in Pirated Adobe Photoshop CS4


-----
After downloading this version of Photoshop, users will run the crack application to be able to use it. The crack application extracts an executable from its data, than installs a backdoor in /var/tmp/, a directory which is not deleted when the computer is restarted. (If the user runs the crack application again, the Trojan horse creates a new executable with a different name; these random names make it harder to ensure safe removal of the malware.)

The crack application then requests an administrator password, launching the backdoor with root privileges. This copies the executable to /usr/bin/DivX, then creates a startup item in /System/Library/StartupItems/DivX. The program checks to see if it has been launched with root privileges, then saves the root hash password in the file /var/root/.DivX. It listens on a random TCP port, and answers requests such as GET / HTTP/1.0 by sending a 209-byte packet, and makes repeated connections to two IP addresses.
Trojan Found in Pirated Adobe Photoshop CS4

Next, the crack application opens a disk image which is hidden in its resource folder, in a folder named .data, and proceeds to crack the Photoshop program, allowing it to be used.
-----

Intego VirusBarrier X4 and X5 with virus definitions dated January 25, 2009 or later protect against this Trojan horse.



Read More
Add Comment
Would you like to be notified when someone replies or adds a new comment?
Yes (All Threads)
Yes (This Thread Only)
No
iClarified Icon
Notifications
Would you like to be notified when we post a new Apple news article or tutorial?
Yes
No
Comments (1)
You must login or register to add a comment...
Eric
Eric - January 26, 2009 at 4:29pm
very convenient for Intego this discovery.... extrange!!!!
Recent. Read the latest Apple News.
RECENT
Tutorials. Help is here.
TUTORIALS
Where to Download macOS Sonoma
Where to Download macOS Ventura
AppleTV Firmware Download Locations
Where To Download iPad Firmware Files From
Where To Download iPhone Firmware Files From
Deals. Save on Apple devices and accessories.
DEALS