Monday, January 26, 2009

Trojan in Mac...!

I usually write about Windows only cause I use windows (I’ve used both Mac and Linux and like them both). PC users are usually sneered at by Mac users as virus don’t affect Mac. I’ve seen one Mac advertisement stating that there are 1 billion virus out loose but never on a Mac.

I don’t think this statement will hold true any longer, there’s a Mac trojan floating around inside a pirated iWork ‘09 release that has appeared on various torrent sites.


When installing iWork 09, the iWorkServices package is installed. The installer for the Trojan horse is launched as soon as a user begins the installation of iWork, following the installer’s request of an administrator password (in older versions of Mac OS X, 10.5.1 or earlier, there will be no password request). This software is installed as a startup item (in /System/Library/StartupItems/iWorkServices, a location reserved normally for Apple startup items), where it has read-write-execute permissions for root. The malicious software connects to a remote server over the Internet; this means that a malicious user will be alerted that this Trojan horse is installed on different Macs, and will have the ability to connect to them and perform various actions remotely. The Trojan horse may also download additional components to an infected Mac.


No comments: