New Mac Trojan appears in pirated versions of Photoshop CS4

Discussion in 'MacBytes.com News Discussion' started by MacBytes, Jan 26, 2009.

  1. macrumors bot

    Joined:
    Jul 5, 2003
    #1


    Category: News and Press Releases
    Link: New Mac Trojan appears in pirated versions of Photoshop CS4
    Description: Uh oh… another week, another Mac Trojan horse discovered. This time around, it's folks who are downloading cracked copies of Adobe Photoshop CS4 from BitTorrent sites that are in danger. According to Mac Security Software maker Intego (who discovered last week’s iWork 09 virus) the Photoshop trojan is a new variation on the OSX.Trojan.iServices virus found last week.

    Posted on MacBytes.com
    Approved by Mudbug
     
  2. Moderator emeritus

    yellow

    Joined:
    Oct 21, 2003
    Location:
    Portland, OR
    #2
    Again..

    I have very little sympathy for folks that fall victim to this.
     
  3. macrumors Nehalem

    GoCubsGo

    Joined:
    Feb 19, 2005
    #3
    This is all bittersweet. For people who pay for their applications it is obviously sweet to see the torrent downloaders get it ... but of course then there's this whole thing about a trojan being there making me wonder if eventually we'll see this crap wind up on things that we download that are fully legit.
     
  4. Administrator emeritus

    xUKHCx

    Joined:
    Jan 15, 2006
    Location:
    The Kop
    #4
    I guess this will be appearing in all the popular torrented programs until whatever hole(?*) is fixed.

    *Is this something that Apple can fix?
     
  5. Moderator emeritus

    yellow

    Joined:
    Oct 21, 2003
    Location:
    Portland, OR
    #5
    I would like to note that Intego got tagged a few years back for "discovering" malware "in the wild" that was actually a proof-of-concept that they themselves created, distributed, and subsequently "discovered".

    So, I take all info from them with a very large grain of salt.
     
  6. macrumors Nehalem

    GoCubsGo

    Joined:
    Feb 19, 2005
    #6
    The question should be, is this something Apple would want to fix? Leave a hole and teach people a lesson or fix the hole? My hope is for the latter because the hole puts the honest folk at just as much risk.
    Great memory! I do recall that now that you mention it.
     
  7. Moderator emeritus

    yellow

    Joined:
    Oct 21, 2003
    Location:
    Portland, OR
    #7
    As much as we like to have a sense of justice, if there's an actual security hole, Apple will have to plug it. Who knows how long it will be before it actually shows up in a "legit" app?
     
  8. macrumors Penryn

    rdowns

    Joined:
    Jul 11, 2003
    #8
    I have no sympathies for people who steal (yes, it's stealing) software and other IP. I do think Apple should close any of these holes to protect legitimate users. If they can be exploited for torrents, they can be exploited elsewhere.
     
  9. Moderator emeritus

    yellow

    Joined:
    Oct 21, 2003
    Location:
    Portland, OR
    #9
    Reading the article, it doesn't seem like a security hole. It seems more like it's preying on user ignorance. It asks for username/password and goes from there.
     
  10. macrumors 6502

    H$R

    Joined:
    Apr 1, 2008
    Location:
    Switzerland
    #10
    It's a trojan, not a virus. There doesn't really have to be a security hole. The hole is the human who downloads the thing on purpose.
    Your Internet is the security hole, I don't think you want that "patched" aka closed.
     
  11. Moderator emeritus

    yellow

    Joined:
    Oct 21, 2003
    Location:
    Portland, OR
    #11
    Yes, already noted that. :)
     
  12. macrumors 68000

    Joined:
    Jan 9, 2007
    #12
    Nothing to fix

    There's nothing for Apple to fix here. Unlike a virus or worm which exploits some security flaw to install and spread without your knowledge or permission, a trojan is just an ordinary application. If you opened up XCode and wrote a program that deletes your iTunes library and then emails a copy of itself to everyone in Address Book, that would be your prerogative - there's nothing to stop your application because it isn't doing anything it shouldn't be able to do (deleting files from the file system is legit, so is accessing the Address Book database).

    Trojans come down to the human element. There is no way for the OS to know someone is trying to trick you with a piece of software, and no way for it to know what it is doing is considered harmful.

    The only "fix" would be for Apple to convert the Mac platform into a "walled garden" like the iPhone, with Apple becoming the gatekeeper for all Mac apps. It wouldn't really be a "personal computer" anymore in the traditional sense.
     
  13. Administrator emeritus

    xUKHCx

    Joined:
    Jan 15, 2006
    Location:
    The Kop
    #13
    That is how the first one worked as well, it is pretty much just a renamed version of the iWork variant.

    The thing is there were reports of it downloading new code once the machine is infected, which is what I was semi-referring to with the mention of a possible hole. This should be picked up by the firewall at least imo.

    So yes it is user ignorance/trickery but also there are some things that Apple could do to help prevent it, such as making a more open installer so the user can see what files are being installed (yeah I know it is possible and an average user would just assume it is a correct file anyway but it would be nice).
     
  14. macrumors 68000

    Joined:
    Jan 9, 2007
    #14
    Auto downloading

    If it is downloading files off the web, using the same method a browser uses, it would inherit the same firewall rules the web browser is subjected to. You could make it more restrictive, triggering a confirmation dialog any time an application went to grab a file over the network, but that would get really annoying. There's a usability balance here that's easy to disturb.
     
  15. macrumors 6502

    H$R

    Joined:
    Apr 1, 2008
    Location:
    Switzerland
    #15
    That is how the first one worked as well, it is pretty much just a renamed version of the iWork variant.

    Sure, they could close the IPs from where it's downloading. But in the future there will be more and more exploits and more and more IPs.
    It's not Apple's job to prevent you from doing stupid things.

    Now there's the moment where a Virus/Malware scanner gets into the game. It has to actively watch what you (your PC) are doing and stop it when it's evil.

    Or buy Little Snitch, it will monitor for you which applications/services want to connect to the net.

    I like it the simple way as it is. But you're right, you could have like two options, the easy and the advanced like some Windows programmes have. But then again, wouldn't the writer of the software declare what he writes there? So he just would hide it from your eyes.
    Another option would be a log file, of every file that has been copied over during the installation.
    But would you want to go through that long list every time you install something? And would you check every element, every time?
     
  16. macrumors 65816

    Joined:
    Feb 7, 2007
    #16
    I totally agree, except that this and the previous trojan are the first 2 I've seen widely around since the Mac OS 9 DAYS and THAT'S SCARY to ME!

    I fear this kinda nullifies the Mac's inherent no viruses advantage so I'm hoping this doesn't get out of control and proliferate.

    I could easily see Microsoft taking advantage of this or the PC dominated media slamming Apple for this and ruining all the good press that Macs have gotten in the last few years. :(
     
  17. Moderator emeritus

    yellow

    Joined:
    Oct 21, 2003
    Location:
    Portland, OR
    #17
    Well, it's all just that.. Press and PR spin. Apple has been happily capitalizing on this untruth for a while. It's almost like FUD. While they tout a "secure" environment, trojans like this are difficult to defend against.

    This trojan preys on user ignorance and tricks people into installing malware by happily supplying an admin username and password. There's no magic to protect against this. And what can Intego (et al.) do to "protect" us?
     
  18. macrumors Core

    alphaod

    Joined:
    Feb 9, 2008
    Location:
    上海 (Shanghai)
    #18
    This is why I use usenet; of course I paid for CS4 and iWork.
     
  19. macrumors 68000

    Joined:
    Jan 9, 2007
    #19
    No worries

    There's no real chance of trojans like this proliferating, since they rely entirely on human users to spread it. What brought Windows down was the multitude of ways software could self-install without your permission or knowledge.

    This is a self-limiting problem. We're not going to see botnets of millions of Macs out there, without some serious Windows-quality security holes being introduced into OS X.
     
  20. macrumors Core

    alphaod

    Joined:
    Feb 9, 2008
    Location:
    上海 (Shanghai)
    #20
    Why would honest folks be stealing?

    Not every company is an asshat like Apple.
     
  21. macrumors 65816

    AlexisV

    Joined:
    Mar 12, 2007
    Location:
    Manchester, UK
    #21
    I think people are missing the point here. It doesn't matter whether people 'deserve' it - that is irrelevant.

    What we're looking at here is the crack that comes with this pirated PS version. You run the crack and you get the trojan.

    The file could just as easily be a mirror for something legit. Something like Cyberduck for example.

    The point is, even a self installed program which then downloads further code is worrying.
     
  22. macrumors G5

    Consultant

    Joined:
    Jun 27, 2007
    #22
    Yeah, three possibilities.

    Would they be downloading every single torrent, installing each one individually and testing them? Probably not.

    If they don't download every torrent, then it will only be discovered when a large number of people are affected, and this is not the case.

    Making a trojan, and "discovering" it to sell their own software.
     
  23. macrumors G3

    Kilamite

    Joined:
    Mar 20, 2007
    #23
    I just hope this doesn't appear in slightly more "legit" torrents, such as no DVD cracks for games that demand the DVD is in the drive.

    Is there any way of discovering the trojan before you install anything? Just in case this made its way into legit stuff.
     
  24. macrumors 68000

    Apple Ink

    Joined:
    Mar 7, 2008
    #24
    Well while reading something somewhere.. (MacWorld maybe) I had an epiphany... how come both the recent trojans, extremely similar in structure, in the top two most popular Mac pirated softwares be spotted by the same company in succession within a week's time which then also goes on to release heals almost instantly after the reports....
    I smell something fishy..... oh... that's the pirates..
     
  25. macrumors 6502a

    Joined:
    Jan 2, 2009
    #25
    According to the article:

    iWork 09 (20,000 infections) than the $700 Adobe Photoshop CS4? (5000))

    They seem pretty many. Another possibility would be that Intego products send information to Intego about everything suspicious, therefore that could make the discovery of new threats a lot easier. Quite a lot of AV programs do this under Windows.

    If this is not something made by Intego itself, I hope that this doesn't transform into some massive Mac-Attack. Probably not.

    :apple:
     
