OS X iServices Trojan Horse

February 2, 2009

cautionAn Intego Security Alert, published January 26, announced the discovery of a new variant of the Mac Trojan Horse iServices virus. The trojan is being packaged in cracked versions of Adobe Photoshop CS4 found on torrent sites.

Running the patching application to apply the crack will execute the trojan, which listens for web requests makes repeated connections to several IP addresses.

It’s important to recognize that this is NOT a proof-of-concept virus – this is the real thing. The previous version of the trojan used infected computers in DDoS attacks on a number of websites.

Intego claims that VirusBarrier X4 & X5 with the latest virus definition files will protect against this trojan. SecureMac, a mac-focused security site, has released the iServices Trojan Removal Tool (download connects to SecureMac’s download link), which they claim will also remove infected files.

The best defense against the virus, as well as it’s predecessor (bundled with a torrent of iWork ’09), is obviously to avoid downloading & installing cracked or otherwise modified software – whether from torrent sites or via peer-2-peer networks. Investing in appropriate anti-virus software is obviously (increasingly) important, as well.

Sigh. It was bound to happen sooner or later. Apple’s historic viral immunity really was just a question of market-share, after all…


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: