Infrastructure // PC & Servers
News
1/22/2009
08:10 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Mac OS X Trojan Found In Pirated iWork 09

Intego identified the Trojan file name as "iWorkServices" and said it gets installed when the user installs an infected copy of the iWork 09 suite.

Mac security software company Intego on Wednesday said it had identified previously unknown Trojan software that affects computers running Mac OS X.

The Trojan was found with some unauthorized copies of Apple's new iWork 09 productivity suite on sites that traffic in illegally copied software.

Intego identified the Trojan file name as "iWorkServices" and said it gets installed when the user installs an infected copy of the iWork 09 suite.

"The installer for the Trojan horse is launched as soon as a user begins the installation of iWork, following the installer’s request of an administrator password (in older versions of Mac OS X, 10.5.1 or earlier, there will be no password request)," the company said. "This software is installed as a startup item (in /System/Library/StartupItems/iWorkServices, a location reserved normally for Apple startup items), where it has read-write-execute permissions for root."

Once installed, the malware connects to a remote server over the Internet, potentially allowing the malware author to steal information, control the compromised computer remotely, or trigger the downloading of additional malicious components. Intego claims that at least 20,000 people have downloaded infected versions of iWork 09. It urges Mac owners not to download iWork from disreputable sites.

By the standards of Windows malware, that figure represents a rounding error. The Downadup worm that has been circulating is believed to have infected about 9 million PCs.

Intego is issuing this alert to warn Mac users not to download iWork 09 installers from sites offering pirated software. (As of 6 am EST, at least 20,000 people have downloaded this installer.) The risk of infection is serious, and users may face extremely serious consequences if their Macs are accessible to malicious users.

Apple on Monday said that customers who bought boxed retail copies of iWork don't need a serial number to run the software with full functionality. Customers who download the trial version from Apple and decide to purchase the software are still required to supply a serial number, however. It remains to be seen whether not requiring a serial number will increase or decrease the illegal copying of iWork.

Earlier this week, Apple patched seven critical flaws in its QuickTime software.

Comment  | 
Print  | 
More Insights
Server Market Splitsville
Server Market Splitsville
Just because the server market's in the doldrums doesn't mean innovation has ceased. Far from it -- server technology is enjoying the biggest renaissance since the dawn of x86 systems. But the primary driver is now service providers, not enterprises.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Dec. 9, 2014
Apps will make or break the tablet as a work device, but don't shortchange critical factors related to hardware, security, peripherals, and integration.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of December 14, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.