Peaches Posted January 23, 2009 Report Share Posted January 23, 2009 Mac malware piggybacks on pirated iWork By Dan Goodin in San Francisco 22nd January 2009 20:58 GMT Malware masquerading as part of Apple's iWork 09 productivity suite is targeting unsuspecting Mac users foolish enough to install pirated software downloaded on warez sites. Once installed, iServices.A has unfettered root access, which it promptly uses to connect to a remote server over the internet, according to Intego, which sells anti-virus software for Macs. A secondary download installs malware that makes victims part of a botnet that's attacking undisclosed websites. More than 20,000 people have already downloaded the rogue installer, which is bundled with a complete and fully functional version of iWork. Intego didn't say how many of those marks have actually installed the program. Story: The Register: http://www.theregister.co.uk/2009/01/22/mac_trojan_attack/ And read here: Heise security: http://www.heise-online.co.uk/security/Cop...n--/news/112470 Quote Link to post Share on other sites
Peaches Posted January 23, 2009 Author Report Share Posted January 23, 2009 22 January 2009, 16:47 Copies of iWork 09 from BitTorrent may contain trojan Intego has issued a security alert for pirated copies of Apple's iWork 09, saying that it may contain an OS X trojan known as OSX.Trojan.iServices.A. The pirated copies are appearing on BitTorrent trackers and direct download warez sites. Officially purchased copies and retail copies do not contain this trojan. The trojan exists as a package within the actual iWork 09 installer. It is notable that the iWork 09 files in these downloads are not affected, but are merely a carrier to get the trojan onto users systems. The installer for the trojan is launched as soon as the installation of iWork begins, following the installers request of the administrator password. Once installed as a start-up item to /System/Library/StartupItems/iWorkServices it has read-write-execute permissions for root. Intego has advised that the trojan connects to a remote server, possibly giving remote access and downloading additional components to the infected Mac. As always, we recommend not downloading software from untrustworthy or unofficial sources and to always acquire software legitimately. Heise security: http://www.heise-online.co.uk/security/Cop...n--/news/112470 Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.