http://www.securemac.com/

Free tool to remove the iWorkServices Trojan Horse at above website.

Little Snitch would catch this Trojan and stop it working also.



From: [email protected] [mailto:[email protected]] On Behalf Of Jeff @ SLYN Systems
Sent: Friday, January 23, 2009 9:58 PM
To: [email protected]
Subject: [MacGroup] Mac Trojan Targets Pirated Apple iWorks

Mac Trojan Targets Pirated Apple iWorks

By Stefanie Hoffman, ChannelWeb
6:30 PM EST Thu. Jan. 22, 2009
Pirated versions of Apple (NSDQ:AAPL)'s iWork '09 are the latest vehicle for a 
malicious Trojan that is being used by hackers to access user information on 
Mac OS X platforms.

The Mac-only Trojan, known as OSX.Trojan.iServices.A, is circulating through 
copies of Apple's productivity suite iWork '09 found on BitTorrent trackers and 
other sites that contain links to illegal software.

An advisory was circulated by Mac security vendor Intego on Wednesday, warning 
Mac users of the iWork malware.

While the iWork '09 program is completely functional, the installer contains an 
additional package called iWorkServices.pkg, launched when the iWork '09 
software is installed. The Trojan installer is downloaded as soon as the user 
requests an administrator password and begins installation of iWork. However, 
older versions of Mac OS X, such as 10.5.1 and earlier, won't require a 
password.

The malicious software is installed as a startup item where it has 
read-write-execute permission. It then connects to a remote server via the Web, 
alerting the attacker that the Trojan is actively targeting users' Macs. The 
attackers will then be able to connect to the affected computers in order to 
steal or view sensitive and financial information, or obtain remote access to 
user accounts. The Trojan may be used to download additional malicious code 
onto infected Macs and used for further criminal activity.

Apple released its latest version of iWork at the 2009 Macworld Conference & 
Expo, where it showcased changes to its word processor and spreadsheet 
applications.

In the Intego advisory, security experts advise users not to download iWork '09 
installers from sites that promote pirated software, and recommend that users 
also avoid installing software from other questionable sources or suspicious 
Web sites.

"The risk of infection is serious, and users may face extremely serious 
consequences if their Macs are accessible to malicious users," Intego's 
advisory warned.

While the exact number of infected users is not yet known, Intego estimates 
that affected Mac users exceed 20,000.

Malware specific to the Mac is still a relative rarity, but not entirely 
uncommon, security experts say. Last year, coinciding with the first day of the 
Macworld Conference & Expo, a rogue application known as MacSweeper, which 
spread only on Mac computers, solicited users to download and pay for a bogus 
cleanup program. However, users, mostly consumers, soon found out that the 
cleaning software failed to deliver on its promise to rid their systems of 
malware once they paid for it.

Security experts say that they expect to see more malware specifically 
targeting the Mac.

Jeff Slyn, Owner
SLYN Systems & Peripherals
(502) 426-5469
a new & improved http://www.SLYNsystems.com in process
serving Kentuckiana clients 7 days a week since 1985!
_______________________________________________
The next Louisville Computer Society meeting will
be January 27 at MacAuthority, 128 Breckinridge Lane. 
Posting address: [email protected]
Information: http://www.math.louisville.edu/mailman/listinfo/macgroup
