
Fresh modification of the OSX.Trojan.iServices trojan
Just three days ago, I wrote that a new Trojan for Mac had been discovered, and today a modification of it appeared on the network. This time the trojan spreads in torrents with Photoshop CS4. The package itself is clean, but the program distributed with it for generating serial numbers comes with a gift.
What the crack and the trojan do, and how:
- To start, the crack asks for the root password, which is used to pass the corresponding rights to the trojan.
- When the crack starts, the trojan is unpacked into /var/tmp/ with a random file name. When it is restarted, a second similar file is generated.
- The trojan is copied to /usr/bin/DivX and creates an autorun entry in /System/Library/StartupItems/DivX.
- The trojan checks for root rights and stores the root password hash in /var/root/.DivX.
- The trojan listens on a random TCP port and responds to external requests in packets of 209 bytes. It also periodically connects to two IP addresses.
- The crack opens the disk image hidden in its resources directory and actually breaks the protection of Photoshop.
The Trojan has been named OSX.Trojan.iServices.B, and it was discovered by the same company, Intego. According to them, the possible number of infected computers is about 5,000.
In any case, the best protection is to not give the root password to unknown applications, or to programs not from official sources.
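A check for the fixed on-disk artifacts listed above, as an added example that is not part of the original post or Intego's tooling. The function name and the optional root-prefix argument (for scanning a mounted backup or disk image) are assumptions; the randomly named file in /var/tmp/ and the random TCP port cannot be matched by name and are not covered.

```shell
#!/bin/sh
# Added example: look for the fixed-path artifacts of OSX.Trojan.iServices.B.
# The three paths come from the post; the function name and the ROOT prefix
# argument are hypothetical and exist only for this illustration.

ISERVICES_B_PATHS="/usr/bin/DivX
/System/Library/StartupItems/DivX
/var/root/.DivX"

# Usage: check_iservices_b [ROOT]
#   ROOT is an optional prefix, e.g. the mount point of a backup volume.
# Prints one line per finding.
# Returns 0 = nothing found, 1 = artifact found, 2 = a path could not be checked.
check_iservices_b() {
    root="${1:-}"
    status=0
    old_ifs=$IFS
    IFS='
'
    for p in $ISERVICES_B_PATHS; do
        target="$root$p"
        dir=$(dirname "$target")
        # -e follows symlinks; -L also catches a dangling symlink
        if [ -e "$target" ] || [ -L "$target" ]; then
            printf 'FOUND %s\n' "$target"
            status=1
        elif [ -d "$dir" ] && [ ! -x "$dir" ]; then
            # /var/root is searchable only by root, so absence is unproven
            printf 'UNKNOWN %s (rerun as root)\n' "$target"
            if [ "$status" -eq 0 ]; then
                status=2
            fi
        fi
    done
    IFS=$old_ifs
    return "$status"
}
```

Source the file and call `check_iservices_b` as root on the live system, or pass a mount point to inspect a copy. A clean result does not rule out infection, since these names are specific to this variant.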