Another Trojan Horse was found in some CS4 Bittorrent downloads. Not in the software itself but in the cracking software that accompanies it.
On Mon, Jan 26, 2009 at 10:31 AM, Ed Wiser <[email protected]> wrote: > No they are getting in thru an installer script as Lee explained. OSX ask's > for the admin password when you install a program. In Windoz up until Vista > anyone or script on a web page could install a program with out the users > knowledge. > > Sent from my iPhone > On Jan 24, 2009, at 8:56 AM, Profile <[email protected]> wrote: > > Ed, > As a follow up, this article explains that the Trojan horse is from Pirated > software, if we are honest and don't participate in these activities is this > malware able to get to us through emails from infected Mac's? > John > > On Jan 24, 2009, at 8:27 AM, Ed Wiser wrote: > > http://www.securemac.com/ > > Free tool to remove the iWorkServices Trojan Horse at above website. > > Little snitch would catch this Trojan and stop it working also. > > > > From: [email protected] > [mailto:[email protected]] On > Behalf Of Jeff @ SLYN Systems > Sent: Friday, January 23, 2009 9:58 PM > To: [email protected] > Subject: [MacGroup] Mac Trojan Targets Pirated Apple iWorks > > > Mac Trojan Targets Pirated Apple iWorks > > By Stefanie Hoffman, ChannelWeb > 6:30 PM EST Thu. Jan. 22, 2009 > > Pirated versions of Apple (NSDQ:AAPL)'s iWork '09 are the latest vehicle for > a malicious Trojan that is being used by hackers to access user information > on Mac OS X platforms. > > The Mac-only Trojan, known as OSX.Trojan.iServices.A, is circulating through > copies of Apple's productivity suite iWork '09 found onBitTorrent trackers > and other sites that contain links to illegal software. > > An advisory was circulated by Mac security vendor Intego on Wednesday, > warning Mac users of the iWork malware. > > While the iWork '09 program is completely functional, the installer contains > an additional package called iWorkServices.pkg, launched when the iWork > '09 software is installed. The Trojan installer is downloaded as soon as the > user requests an administrator password and begins installation of iWork. > However, older versions of Mac OS X, such as 10.5.1 and earlier, won't > require a password. > > The malicious software is installed as a startup item where it has > read-write-execute permission. It then connects to a remote server via the > Web, alerting the attacker that the Trojan is actively targeting users' > Macs. The attackers will then be able to connect to the affected computers > in order to steal or view sensitive and financial information, or > obtain remote access to user accounts. The Trojan may be used > to download additional malicious code onto infected Macs and used for > further criminal activity. > > Apple released its latest version of iWork at the 2009 Macworld Conference & > Expo, where it showcased changes to its word processor and spreadsheet > applications. > > In the Intego advisory, security experts advise users not to download iWork > '09 installers from sites that promote pirated software, and recommends that > users also avoid installing software from other questionable sources or > suspicious Web sites. > > "The risk of infection is serious, and users may face extremely serious > consequences if their Macs are accessible to malicious users," Intego's > advisory warned. > > While the exact number of infected users is not yet known, Intego estimates > that affected Mac users exceed 20,000. > > Malware specific to the Mac is still a relative rarity, but not entirely > uncommon, security experts say. Last year, coinciding with the first day of > the MacWorld Conference & Expo, a rogue application known as MacSweeper, > which spread only on Mac computers, solicited users to download and pay for > a bogus cleanup program. However, users, mostly consumers, soon found out > that the cleaning software failed to deliver on its promise to rid their > systems of malware once they paid for it. > > Security experts say that they expect to see more malware specifically > targeting the Mac. > > Jeff Slyn, Owner > SLYN Systems & Peripherals > (502) 426-5469 > a new & improved http://www.SLYNsystems.com in process > serving Kentuckiana clients 7 days a week since 1985! > > _______________________________________________ > The next Louisville Computer Society meeting will > be January 27 at MacAuthority, 128 Breckinridge Lane. > Posting address: [email protected] > Information: http://www.math.louisville.edu/mailman/listinfo/macgroup > > _______________________________________________ > The next Louisville Computer Society meeting will > be January 27 at MacAuthority, 128 Breckinridge Lane. > Posting address: [email protected] > Information: http://www.math.louisville.edu/mailman/listinfo/macgroup > > _______________________________________________ > The next Louisville Computer Society meeting will > be January 27 at MacAuthority, 128 Breckinridge Lane. > Posting address: [email protected] > Information: http://www.math.louisville.edu/mailman/listinfo/macgroup > > _______________________________________________ The next Louisville Computer Society meeting will be January 27 at MacAuthority, 128 Breckinridge Lane. Posting address: [email protected] Information: http://www.math.louisville.edu/mailman/listinfo/macgroup
