No they are getting in thru an installer script as Lee explained. OSX
ask's for the admin password when you install a program. In Windoz up
until Vista anyone or script on a web page could install a program
with out the users knowledge.
Sent from my iPhone
On Jan 24, 2009, at 8:56 AM, Profile <[email protected]> wrote:
Ed,
As a follow up, this article explains that the Trojan horse is from
Pirated software, if we are honest and don't participate in these
activities is this malware able to get to us through emails from
infected Mac's?
John
On Jan 24, 2009, at 8:27 AM, Ed Wiser wrote:
http://www.securemac.com/
Free tool to remove the iWorkServices Trojan Horse at above website.
Little snitch would catch this Trojan and stop it working also.
From: [email protected] [mailto:[email protected]
] On Behalf Of Jeff @ SLYN Systems
Sent: Friday, January 23, 2009 9:58 PM
To: [email protected]
Subject: [MacGroup] Mac Trojan Targets Pirated Apple iWorks
Mac Trojan Targets Pirated Apple iWorks
By Stefanie Hoffman, ChannelWeb
6:30 PM EST Thu. Jan. 22, 2009
Pirated versions of Apple (NSDQ:AAPL)'s iWork '09 are the latest
vehicle for a malicious Trojan that is being used by hackers to
access user information on Mac OS X platforms.
The Mac-only Trojan, known as OSX.Trojan.iServices.A, is
circulating through copies of Apple's productivity suite iWork '09
found onBitTorrent trackers and other sites that contain links to
illegal software.
An advisory was circulated by Mac security vendor Intego on
Wednesday, warning Mac users of the iWork malware.
While the iWork '09 program is completely functional, the installer
contains an additional package called iWorkServices.pkg, launched
when the iWork '09 software is installed. The Trojan installer is
downloaded as soon as the user requests an administrator password
and begins installation of iWork. However, older versions of Mac OS
X, such as 10.5.1 and earlier, won't require a password.
The malicious software is installed as a startup item where it has
read-write-execute permission. It then connects to a remote server
via the Web, alerting the attacker that the Trojan is actively
targeting users' Macs. The attackers will then be able to connect
to the affected computers in order to steal or view sensitive and
financial information, or obtain remote access to user accounts.
The Trojan may be used to download additional malicious code onto
infected Macs and used for further criminal activity.
Apple released its latest version of iWork at the 2009 Macworld
Conference & Expo, where it showcased changes to its word processor
and spreadsheet applications.
In the Intego advisory, security experts advise users not to
download iWork '09 installers from sites that promote pirated
software, and recommends that users also avoid installing software
from other questionable sources or suspicious Web sites.
"The risk of infection is serious, and users may face extremely
serious consequences if their Macs are accessible to malicious
users," Intego's advisory warned.
While the exact number of infected users is not yet known, Intego
estimates that affected Mac users exceed 20,000.
Malware specific to the Mac is still a relative rarity, but not
entirely uncommon, security experts say. Last year, coinciding with
the first day of the MacWorld Conference & Expo, a rogue
application known as MacSweeper, which spread only on Mac
computers, solicited users to download and pay for a bogus cleanup
program. However, users, mostly consumers, soon found out that the
cleaning software failed to deliver on its promise to rid their
systems of malware once they paid for it.
Security experts say that they expect to see more malware
specifically targeting the Mac.
Jeff Slyn, Owner
SLYN Systems & Peripherals
(502) 426-5469
a new & improved http://www.SLYNsystems.com in process
serving Kentuckiana clients 7 days a week since 1985!
_______________________________________________
The next Louisville Computer Society meeting will
be January 27 at MacAuthority, 128 Breckinridge Lane.
Posting address: [email protected]
Information: http://www.math.louisville.edu/mailman/listinfo/macgroup
_______________________________________________
The next Louisville Computer Society meeting will
be January 27 at MacAuthority, 128 Breckinridge Lane.
Posting address: [email protected]
Information: http://www.math.louisville.edu/mailman/listinfo/macgroup
_______________________________________________
The next Louisville Computer Society meeting will
be January 27 at MacAuthority, 128 Breckinridge Lane.
Posting address: [email protected]
Information: http://www.math.louisville.edu/mailman/listinfo/macgroup
