Mac OS X Trojan Found In Pirated iWork 09 - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Infrastructure // PC & Servers
News
1/22/2009
08:10 PM
Connect Directly
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Mac OS X Trojan Found In Pirated iWork 09

Intego identified the Trojan file name as "iWorkServices" and said it gets installed when the user installs an infected copy of the iWork 09 suite.

Mac security software company Intego on Wednesday said it had identified previously unknown Trojan software that affects computers running Mac OS X.

The Trojan was found with some unauthorized copies of Apple's new iWork 09 productivity suite on sites that traffic in illegally copied software.

Intego identified the Trojan file name as "iWorkServices" and said it gets installed when the user installs an infected copy of the iWork 09 suite.

"The installer for the Trojan horse is launched as soon as a user begins the installation of iWork, following the installer’s request of an administrator password (in older versions of Mac OS X, 10.5.1 or earlier, there will be no password request)," the company said. "This software is installed as a startup item (in /System/Library/StartupItems/iWorkServices, a location reserved normally for Apple startup items), where it has read-write-execute permissions for root."

Once installed, the malware connects to a remote server over the Internet, potentially allowing the malware author to steal information, control the compromised computer remotely, or trigger the downloading of additional malicious components. Intego claims that at least 20,000 people have downloaded infected versions of iWork 09. It urges Mac owners not to download iWork from disreputable sites.

By the standards of Windows malware, that figure represents a rounding error. The Downadup worm that has been circulating is believed to have infected about 9 million PCs.

Intego is issuing this alert to warn Mac users not to download iWork 09 installers from sites offering pirated software. (As of 6 am EST, at least 20,000 people have downloaded this installer.) The risk of infection is serious, and users may face extremely serious consequences if their Macs are accessible to malicious users.

Apple on Monday said that customers who bought boxed retail copies of iWork don't need a serial number to run the software with full functionality. Customers who download the trial version from Apple and decide to purchase the software are still required to supply a serial number, however. It remains to be seen whether not requiring a serial number will increase or decrease the illegal copying of iWork.

Earlier this week, Apple patched seven critical flaws in its QuickTime software.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
News
IT Employment Trending Up; Data, Cybersecurity Skills in Demand
Jessica Davis, Senior Editor, Enterprise Apps,  11/11/2020
Slideshows
The Ever-Expanding List of C-Level Technology Positions
Cynthia Harvey, Freelance Journalist, InformationWeek,  11/10/2020
Commentary
How to Approach Your Mission-Critical Big Data Strategy
Mary E. Shacklett, Mary E. Shacklett,  11/17/2020
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Why Chatbots Are So Popular Right Now
In this IT Trend Report, you will learn more about why chatbots are gaining traction within businesses, particularly while a pandemic is impacting the world.
Slideshows
Flash Poll