Trojan Horse Found in iWork 09 Torrent
Posted January 22, 2009 at 12:39pm by iClarified
Intego has discovered a new Trojan horse, OSX.Trojan.iServices.A, which is currently circulating in copies of Apples iWork 09 found on BitTorrent trackers and other sites containing links to pirated software.
-----
The version of iWork 09, Apples productivity suite, are complete and functional, but the installer contains an additional package called iWorkServices.pkg. When installing iWork 09, the iWorkServices package is installed. The installer for the Trojan horse is launched as soon as a user begins the installation of iWork, following the installers request of an administrator password (in older versions of Mac OS X, 10.5.1 or earlier, there will be no password request). This software is installed as a startup item (in /System/Library/StartupItems/iWorkServices, a location reserved normally for Apple startup items), where it has read-write-execute permissions for root. The malicious software connects to a remote server over the Internet; this means that a malicious user will be alerted that this Trojan horse is installed on different Macs, and will have the ability to connect to them and perform various actions remotely. The Trojan horse may also download additional components to an infected Mac.
Intego is issuing this alert to warn Mac users not to download iWork 09 installers from sites offering pirated software. (As of 6 am EST, at least 20,000 people have downloaded this installer.) The risk of infection is serious, and users may face extremely serious consequences if their Macs are accessible to malicious users.
-----
Read More
-----
The version of iWork 09, Apples productivity suite, are complete and functional, but the installer contains an additional package called iWorkServices.pkg. When installing iWork 09, the iWorkServices package is installed. The installer for the Trojan horse is launched as soon as a user begins the installation of iWork, following the installers request of an administrator password (in older versions of Mac OS X, 10.5.1 or earlier, there will be no password request). This software is installed as a startup item (in /System/Library/StartupItems/iWorkServices, a location reserved normally for Apple startup items), where it has read-write-execute permissions for root. The malicious software connects to a remote server over the Internet; this means that a malicious user will be alerted that this Trojan horse is installed on different Macs, and will have the ability to connect to them and perform various actions remotely. The Trojan horse may also download additional components to an infected Mac.
Intego is issuing this alert to warn Mac users not to download iWork 09 installers from sites offering pirated software. (As of 6 am EST, at least 20,000 people have downloaded this installer.) The risk of infection is serious, and users may face extremely serious consequences if their Macs are accessible to malicious users.
-----
Read More