The Trojan that was being distributed last week in pirated copies of Apple’s iWork 09 program on BitTorrent has reappeared only days later hiding inside copies of Adobe Photoshop CS4.
The new version, dubbed OSX.Trojan.iServices.B, has much the same general purpose as the first incarnation, asking for root privileges in order to open a back door into a user’s machine, Mac security company Intego has reported.
A user’s system could be put to a range of remotely initiated uses, including acting as a spam relay or initiating a distributed denial of service (DDoS) attack. Either one of these could get the user’s Internet connection blacklisted.
“The first version of this Trojan horse was seen downloading new code to infected computers, which were then used in a DDoS attack on certain websites. Since this new variant uses the same technology, and contacts the same remote servers, it is likely that it will attempt to download new code and perform such actions,” the company said in a release.
The user would not know anything was amiss because the pirated but fully working copy of Photoshop is installed as normal by the Trojan installer at the same time as it installs its own files.
As of January 25th at 11am GMT (6am EST), an estimated 5,000 people had downloaded the hijacked version of the Adobe CS4 application, according to Intego, which has tracked its existence on BitTorrent downloading sites, and which also notified the world of last week’s iWork 09 version.
The company added that a further 1,000 downloads of the iWork version had taken place, in addition to the 20,000 downloads made before alerts went out. The two versions of the Trojan were definitely the work of the same group, as both used the same remote servers, the company said.
One week into this particular Trojan story, and the same group has now hit two separate pirated Apple applications. Sages will shake their heads at the thought that Apple users would download such ‘free’ software, but it is clearly a problem that defines the Internet itself, regardless of platform.