Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Intego Security Alert: Mac Trojan Horse OSX.Trojan.iServices.A Found in Pirated Apple iWork 09

January 2009 by Intego Security Alert

Exploit: OSX.Trojan.iServices.A Trojan Horse

Discovered: January 21, 2009

Risk: Serious

Description: Intego has discovered a new Trojan horse,
OSX.Trojan.iServices.A, which is currently circulating in copies of Apple’s iWork 09 found on BitTorrent trackers and
other sites containing links to pirated software. The version of iWork 09, Apple’s
productivity suite, are complete and functional, but the installer contains an additional
package called iWorkServices.pkg.

When installing iWork 09, the iWorkServices package is installed. The installer for the
Trojan horse is launched as soon as a user begins the installation of iWork, following
the installer’s request of an administrator password (in older versions of Mac OS X,
10.5.1 or earlier, there will be no password request). This software is installed as a
startup item (in /System/Library/StartupItems/iWorkServices, a location reserved
normally for Apple startup items), where it has read-write-execute permissions for root.
The malicious software connects to a remote server over the Internet; this means that a
malicious user will be alerted that this Trojan horse is installed on different Macs, and
will have the ability to connect to them and perform various actions remotely. The
Trojan horse may also download additional components to an infected Mac.
Intego is issuing this alert to warn Mac users not to download iWork 09 installers from
sites offering pirated software. (As of 6 am EST, at least 20,000 people have
downloaded this installer.) The risk of infection is serious, and users may face
extremely serious consequences if their Macs are accessible to malicious users.
Intego VirusBarrier X4 and X5 with virus definitions dated January 22, 2009 or later
protect against this Trojan horse. Intego recommends that users never download and
install software from untrusted sources or questionable web sites.


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts