• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Kudos0

New Trojan Attacks Pirates

 

We all know that software piracy is bad--it hurts the people who write software for a living--but it can also be dangerous. Case in point: the recent OSX.Iservice Trojan horse discovered today (January 22nd). Apparently, someone has uploaded Apple’s popular iWork 09 suite and added a Trojan horse to the installer.

Some background: When software developers create an installer for the Mac, it's often several mini-installers, or packages, that are run in a particular sequence. Each package (.pkg file) contains specific code and a script makes sure that the code is placed in the right part of the hard drive so your computer can use the software. In this case, the main installation script was changed so not only did it run the "right" software packages, but it also installs another package, sensibly named "iWorkServices.pkg," which unloads malicious code that connects to a remote system--meaning that system could then send commands to the infected machine to scan for sensitive information, track where the user goes on the Internet, record what the user types...you get the idea.

While Symantec Security Response rates OSX.Iservice a low-level threat, it is still significant because with the current economic crisis, more and more people might be tempted to pirate software instead of paying for it. What's particularly vexing is that unless users have some kind of security software, they  would never know that their Mac was compromised because the iWork components themselves would work normally.

Our recommendation is obvious--be careful where you download software (and please, don't pirate software).  If you want to try out iWork, visit http://www.apple.com/iwork/, that way you’ll know it’s legit.  Also, be sure to scan your drive regularly for threats using quality security software. You may also want to think about leveraging a firewall to check for unauthorized connections into and out of your Mac. If you do have security software, keep it up to date and stay informed about current threats.

We have more information about this threat here.  Also, Andy Cianciotto with the Symantec Security Response Blog has written an article about this threat here-- a very good read, with screenshots and some more technical notes.


We have also made sure that a definition for this threat in the Norton AntiVirus for Mac, Norton Internet Security for Mac and Symantec AntiVirus for Mac definitions files, so make sure to run LiveUpdate

Message Edited by mikeromo on 01-23-2009 09:57 AM

Comments

Kudos0

http://alpha-photo.fr/twitter.news  getting a lot of people in my group that are getting self replicating emails and they all enter in twitter.news.  They are annoying and Norton isn't stopping them. trying registry mechanic, disc cleanup, etc and not stopping them

 Help.. Windows 7 using hotmail

Kudos0

a computer hacker needs a ip address after the hacker s the ip address he can send virus then start hacking all they need to do is download hacking software which can be available for free.all a computer useer hs to do is change the ip address or download software that can hide the ip address all it takes is a google search how to change a ip address 

Kudos0

hacking software is always available to download all it takes is a google search eg how to hack (snoop,how to catch a cheating partner) this type of software should be against the law what is the diffance between defragment and scaning you need to make software that scans defracments and can a hide a ip address