Mac OS X Trojan Found In Pirated iWork 09 - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Infrastructure // PC & Servers
News
1/22/2009
08:10 PM
Connect Directly
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Mac OS X Trojan Found In Pirated iWork 09

Intego identified the Trojan file name as "iWorkServices" and said it gets installed when the user installs an infected copy of the iWork 09 suite.

Mac security software company Intego on Wednesday said it had identified previously unknown Trojan software that affects computers running Mac OS X.

The Trojan was found with some unauthorized copies of Apple's new iWork 09 productivity suite on sites that traffic in illegally copied software.

Intego identified the Trojan file name as "iWorkServices" and said it gets installed when the user installs an infected copy of the iWork 09 suite.

"The installer for the Trojan horse is launched as soon as a user begins the installation of iWork, following the installer’s request of an administrator password (in older versions of Mac OS X, 10.5.1 or earlier, there will be no password request)," the company said. "This software is installed as a startup item (in /System/Library/StartupItems/iWorkServices, a location reserved normally for Apple startup items), where it has read-write-execute permissions for root."

Once installed, the malware connects to a remote server over the Internet, potentially allowing the malware author to steal information, control the compromised computer remotely, or trigger the downloading of additional malicious components. Intego claims that at least 20,000 people have downloaded infected versions of iWork 09. It urges Mac owners not to download iWork from disreputable sites.

By the standards of Windows malware, that figure represents a rounding error. The Downadup worm that has been circulating is believed to have infected about 9 million PCs.

Intego is issuing this alert to warn Mac users not to download iWork 09 installers from sites offering pirated software. (As of 6 am EST, at least 20,000 people have downloaded this installer.) The risk of infection is serious, and users may face extremely serious consequences if their Macs are accessible to malicious users.

Apple on Monday said that customers who bought boxed retail copies of iWork don't need a serial number to run the software with full functionality. Customers who download the trial version from Apple and decide to purchase the software are still required to supply a serial number, however. It remains to be seen whether not requiring a serial number will increase or decrease the illegal copying of iWork.

Earlier this week, Apple patched seven critical flaws in its QuickTime software.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

News
Remote Work Tops SF, NYC for Most High-Paying Job Openings
Jessica Davis, Senior Editor, Enterprise Apps,  7/20/2021
Slideshows
Blockchain Gets Real Across Industries
Lisa Morgan, Freelance Writer,  7/22/2021
Commentary
Seeking a Competitive Edge vs. Chasing Savings in the Cloud
Joao-Pierre S. Ruth, Senior Writer,  7/19/2021
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Monitoring Critical Cloud Workloads Report
In this report, our experts will discuss how to advance your ability to monitor critical workloads as they move about the various cloud platforms in your company.
Slideshows
Flash Poll