Making the rounds on public BitTorrent tracker sites.
For years, Mac users have prided themselves that their PC cousins have been the ones forced to regularly keep an eye out for virus and malware attacks. But, this time is nearing an end. For, as the Mac gains in popularity, it is increasingly drawing the scrutiny of malware developers.
Enter the recent OSX.Trojan.iServices.A Trojan horse, an exploit being distributed in pirated copies of Apple’s iWork ’09, where it’s disguised as a bootleg copy of the new iWork 09. Once installed, the malware takes administrator access and connects to remote servers over the Internet, where it can be given additional instructions as the author commands, from installing additional malware to stealing information off the Mac in question. The malware creator can also take complete remote control of any compromised machine.
The version of iWork 09, Apple’s productivity suite, are complete and functional, but the installer contains an additional package called iWorkServices.pkg.
From security firm Intego:
When installing iWork 09, the iWorkServices package is installed. The installer for the Trojan horse is launched as soon as a user begins the installation of iWork, following the installer’s request of an administrator password. This software is installed as a startup item (in /System/Library/StartupItems/iWorkServices, a location reserved normally for Apple startup items), where it has read-write-execute permissions for root. The malicious software connects to a remote server over the Internet; this means that a malicious user will be alerted that this Trojan horse is installed on different Macs, and will have the ability to connect to them and perform various actions remotely. The Trojan horse may also download additional components to an infected Mac.
The good news is that only around 20,000 people have downloaded the installer.
As usual, on public BitTorrent tracker sites it’s always crucial that you read the comments, and observe the seeder to leecher ratio.
I've been interested in P2P since the early, high-flying days of Napster and KaZaA. I believe that analog copyright laws are ill-suited to the digital age, and that art and culture shouldn't be subject to the whims of international entertainment industry conglomerates. Twitter | Google Plus
