Mac OS X Trojan Found In Pirated iWork 09 - InformationWeek
IoT
IoT
Infrastructure // PC & Servers
News
1/22/2009
08:10 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%
RELATED EVENTS
Moving UEBA Beyond the Ground Floor
Sep 20, 2017
This webinar will provide the details you need about UEBA so you can make the decisions on how bes ...Read More>>

Mac OS X Trojan Found In Pirated iWork 09

Intego identified the Trojan file name as "iWorkServices" and said it gets installed when the user installs an infected copy of the iWork 09 suite.

Mac security software company Intego on Wednesday said it had identified previously unknown Trojan software that affects computers running Mac OS X.

The Trojan was found with some unauthorized copies of Apple's new iWork 09 productivity suite on sites that traffic in illegally copied software.

Intego identified the Trojan file name as "iWorkServices" and said it gets installed when the user installs an infected copy of the iWork 09 suite.

"The installer for the Trojan horse is launched as soon as a user begins the installation of iWork, following the installer’s request of an administrator password (in older versions of Mac OS X, 10.5.1 or earlier, there will be no password request)," the company said. "This software is installed as a startup item (in /System/Library/StartupItems/iWorkServices, a location reserved normally for Apple startup items), where it has read-write-execute permissions for root."

Once installed, the malware connects to a remote server over the Internet, potentially allowing the malware author to steal information, control the compromised computer remotely, or trigger the downloading of additional malicious components. Intego claims that at least 20,000 people have downloaded infected versions of iWork 09. It urges Mac owners not to download iWork from disreputable sites.

By the standards of Windows malware, that figure represents a rounding error. The Downadup worm that has been circulating is believed to have infected about 9 million PCs.

Intego is issuing this alert to warn Mac users not to download iWork 09 installers from sites offering pirated software. (As of 6 am EST, at least 20,000 people have downloaded this installer.) The risk of infection is serious, and users may face extremely serious consequences if their Macs are accessible to malicious users.

Apple on Monday said that customers who bought boxed retail copies of iWork don't need a serial number to run the software with full functionality. Customers who download the trial version from Apple and decide to purchase the software are still required to supply a serial number, however. It remains to be seen whether not requiring a serial number will increase or decrease the illegal copying of iWork.

Earlier this week, Apple patched seven critical flaws in its QuickTime software.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
IT Strategies to Conquer the Cloud
Chances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.
Video
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll