RSS
Home > News > Trojan Found in Pirated Copies of Apple iWork ‘09
Jan 27 2009

Trojan Found in Pirated Copies of Apple iWork ‘09

  • Written by soulxtc
  • No Comments


Making the rounds on public BitTorrent tracker sites.

For years, Mac users have prided themselves that their PC cousins have been the ones forced to regularly keep an eye out for virus and malware attacks. But, this time is nearing an end. For, as the Mac gains in popularity, it is increasingly drawing the scrutiny of malware developers.

Enter the recent OSX.Trojan.iServices.A Trojan horse, an exploit being distributed in pirated copies of Apple’s iWork ‘09, where it’s disguised as a bootleg copy of the new iWork 09. Once installed, the malware takes administrator access and connects to remote servers over the Internet, where it can be given additional instructions as the author commands, from installing additional malware to stealing information off the Mac in question. The malware creator can also take complete remote control of any compromised machine.

The version of iWork 09, Apple’s productivity suite, are complete and functional, but the installer contains an additional package called iWorkServices.pkg.

123

From security firm Intego:

When installing iWork 09, the iWorkServices package is installed. The installer for the Trojan horse is launched as soon as a user begins the installation of iWork, following the installer’s request of an administrator password. This software is installed as a startup item (in /System/Library/StartupItems/iWorkServices, a location reserved normally for Apple startup items), where it has read-write-execute permissions for root. The malicious software connects to a remote server over the Internet; this means that a malicious user will be alerted that this Trojan horse is installed on different Macs, and will have the ability to connect to them and perform various actions remotely. The Trojan horse may also download additional components to an infected Mac.

The good news is that only around 20,000 people have downloaded the installer.

As usual, on public BitTorrent tracker sites it’s always crucial that you read the comments, and observe the seeder to leecher ratio.

jared@zeropaid.com

Related Posts

  1. Trojan Found in Pirated Copies of Adobe Photoshop CS4 for Mac
  2. iWork productivity software targets Microsoft’s Office
  3. Trojan Removes P2P Downloads
  4. Xbox Emulator Contains Trojan Horse
  5. P2P Trojan Makes PC Talk, Laugh at You, While Erasing Hard Drive
Zeropaid on Facebook
Trackbacks url:

Leave a Comment...

  • Advertisement

    Giganews Newsgroups

1 Star2 Stars3 Stars4 Stars5 Stars
(1 votes, average: 4.00 out of 5) Loading ... Loading ...

  • soulxtc: Of course it's just a thought, hence "I think that..." :P But, it is a glaring example of the shortcomings of current...
  • soulxtc: That's the point. Even though most venue's require artists only play originals the PRO's are threatening to sue to force...
  • Joe Bloe: I HOPE it is not dead....BUT it has been a long time and NO CHANGE TO THE SITE! So it well could be dead....
  • mountain_rage: To expect society to know what is and what isn't copyrighted is ridiculous, or even to expect everyone to know that a fi...
  • mountain_rage: Not yet, although if people pressure politicians enough to change copyright, it may happen. Many people are getting more...
  • gustav: Soulxtc, that may be a nice thought, but it's not the law....
  • gustav: The venues should just require original music and make the PRO's proove that they're having cover bands....
  • Infernoz: I would even share or sell her 'music', I can't stand the nihilistic trash. She is a deeply retarded, drugged up, le...
    • sdsd