Two dangerous viruses are spreading to Macs through pirated copies of iWork and Photoshop. We explore the problem, detail the solution, and explain the lessons all Mac users should learn from the incident.
Who does the virus affect?
The virus is contained in pirated copies of the iWork package and Adobe Photoshop for the Mac. These are usually downloaded from BitTorrent listing sites. (See my article on BitTorrent for more details on how this works.)
The iWork version of the virus has been named OSX.Trojan.iServices.A by Intego, the security firm which discovered it. The Photoshop version has the same name but ending with .B.
How does the virus work?
The virus is not in the programs themselves, which appear to be complete and unchanged copies of the original software which can be downloaded for trial periods from the manufacturers. Instead, the virus is contained in accompanying ‘crack’ programs which aim to unlock the program so that it can continue to be used without any time limit.
When users run this crack, they see an apparent system message which asks for their name and password. Typing these details in gives the virus access to the Mac operating system itself. The virus is particularly sneaky as some of the files it creates have a random name making them harder to manually hunt down and remove.
What does the virus do?
The virus gives the hackers the ability to remotely control your computer and carry out actions which could damage it. There is already evidence infected computers have been used in a denial of service attack by which they repeatedly connect to a website with the intention of overloading its servers.
What lessons should be learned from these viruses?
1) Mac security problems may be rare, but the computers are not immune to viruses. There is some debate about whether Macs are inherently safer than PCs or if hackers simply target PCs because there are more potential victims. Either way, using a Mac should not make you complacent about security,
2) Don’t install pirated software. Even leaving aside the legal and moral issues, it creates a serious security risk as you have know way of knowing whether they have been tampered with.
3) Even if you choose to ignore point 2, you should never type in your system name and password while using any program that is not 100% official.