OSX/iWorkS-B another Trojan affecting dodgy downloads

0 Malware, SophosLabs
by

SophosLabs heard some reports today regarding another Trojan affecting dubious downloads from torrent (Intego and Graham Cluley). This Trojan, OSX/iWorkS-B, is affecting Adobe Photoshop CS4 downloads on torrent.

OSX/iWorkS-B has a similar modus operandi to OSX/iWorkS-A.

The differences mean that for the disinfection you will need to kill the service DivX instead of iWorkService.

sudo killall -9 DivX

Plus remove the folder /System/Library/StartupItems/DivX

sudo rm -rfd /System/Library/StartupItems/DivX

Network administrators who monitor network traffic should look for traffic to:

*freehostia.com:1024

OSX/iWorkS-B is yet another reason to have a security program on a Mac.

Free tools

Sophos Firewall Home Edition

Boost your home network security.

Sophos Scan & Clean

Free second-opinion scanner for PCs.

Sophos Cloud Optix

Monitor 25 cloud assets for free.