January 22nd, 2009

Mac OS X Malware found in pirated Apple iWork 09

Posted by Ryan Naraine @ 8:53 am

Categories: Anti Virus, Apple, Arbitrary Code Execution, Browsers, Data theft, Denial of Service (DoS), Malware, Passwords, Research, Spyware and Adware, Viruses and Worms, Vulnerability research

Tags: Apple Macintosh, Malware, Apple Inc., Apple iWork, Mac OS X User, Spyware, Adware & Malware, Desktops, Cyberthreats, Apple Mac OS X, Viruses And Worms

Researchers at Intego have intercepted a Mac OS X malware threat circulating in pirated copies of Apple’s iWork 09 software.

The malicious file, dubbed OSX.Trojan.iServices.A, was found on BitTorrent trackers and other sites containing links to pirated software. The booby-trapped version of the iWork 09 productivity suite is complete and functional, but the installer contains an additional package called iWorkServices.pkg, Intego said.

From the advisory:

When installing iWork 09, the iWorkServices package is installed. The installer for the Trojan horse is launched as soon as a user begins the installation of iWork, following the installer’s request of an administrator password (in older versions of Mac OS X, 10.5.1 or earlier, there will be no password request). This software is installed as a startup item (in /System/Library/StartupItems/iWorkServices, a location reserved normally for Apple startup items), where it has read-write-execute permissions for root. The malicious software connects to a remote server over the Internet; this means that a malicious user will be alerted that this Trojan horse is installed on different Macs, and will have the ability to connect to them and perform various actions remotely. The Trojan horse may also download additional components to an infected Mac.


The company said at least 20,000 Mac users have already downloaded the rigged installer.

The risk of infection is serious, and users may face extremely serious consequences if their Macs are accessible to malicious users.

Although malware attacks on the Mac operating system have been limited, they do exist, especially on the DNS-changing front. Mac OS X users are urged to avoid downloading and installing software from untrusted sources or questionable Web sites.
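A defender-side check for the two artifacts the advisory names, the iWorkServices startup item and the iWorkServices.pkg package, as an added example that is not from Intego or the original post. The function names and the optional scan of a download folder are assumptions; the advisory supplies only the startup item path and the package name.

```shell
#!/bin/sh
# Added example: look for the artifacts named in the Intego advisory.
# Usage: sh check_iworkservices.sh [ROOT] [DOWNLOAD_DIR]
# ROOT defaults to /; pass a mounted volume or disk image to check it offline.

STARTUP_ITEM="System/Library/StartupItems/iWorkServices"   # path from the advisory
PKG_NAME="iWorkServices.pkg"                               # package name from the advisory

# has_startup_item ROOT: succeeds if the startup item exists under ROOT.
has_startup_item() {
    root="${1:-/}"
    [ -e "${root%/}/$STARTUP_ITEM" ]
}

# find_embedded_pkg DIR: print every iWorkServices.pkg found below DIR,
# e.g. inside a downloaded installer bundle (hypothetical helper).
find_embedded_pkg() {
    find "$1" -name "$PKG_NAME" -print 2>/dev/null
}

# check_volume ROOT [DOWNLOAD_DIR]: report findings; exit status = number of findings.
check_volume() {
    root="${1:-/}"
    hits=0
    if has_startup_item "$root"; then
        echo "FOUND startup item: ${root%/}/$STARTUP_ITEM"
        # Show owner and mode; the advisory says root has read-write-execute.
        ls -ld "${root%/}/$STARTUP_ITEM"
        hits=$((hits + 1))
    fi
    if [ -n "${2:-}" ] && [ -n "$(find_embedded_pkg "$2")" ]; then
        echo "FOUND installer package(s):"
        find_embedded_pkg "$2"
        hits=$((hits + 1))
    fi
    [ "$hits" -eq 0 ] && echo "No iWorkServices artifacts found under $root"
    return "$hits"
}

check_volume "${1:-/}" "${2:-}"
```

A hit on the startup item means the Trojan's installer ran with administrator rights, so the machine should be treated as remotely accessible and rebuilt or cleaned with that in mind, not just have the item deleted.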

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal.



  • Talkback
  • Most Recent of 114 Talkback(s)
Good Points
The days of "one more thing" are over (best wishes to SJ and family,
whatever the health threat actually is) and a true Security Development
process needs to be implemented.

And yes, no...
Posted by: MacKeyser. Posted on: 02/02/09