Thousands infected by trojan in pirated iWork 09

Posted on Friday, Jan 23 2009 @ 17:25 CET by Thomas De Maesschalck
A security company warns a pirated version of Apple's iWork '09 application suite is infected with the OSX.Trojan.iServices.A Trojan horse. According to Apple security software maker Intego, thousands may be infected as the infected copy of iWork '09 has been downloaded over 20,000 times.

The trojan is installed when Apple users install the infected pirated copy of iWork '09, the iWorkServices package is installed as a system-wide startup item, it leaves your Mac OS X operating system wide open to hackers to do whatever they want, and is hard to remove.
This is not a virus—it cannot spread from one Mac to another on its own. It’s also not a remote exploit; the user must download and install a pirated copy of iWork ‘09 to become infected. To check if you’ve been infected, look in /System/Library/StartupItems for an item named iWorkServices. If it exists, you’ve been infected with this Trojan horse.

Once infected, the clean-up process may be quite painful. As the Trojan horse has the ability to install additional components, it’s not sufficient to remove the known pieces. Instead, the safest recovery method starts with a reformat and a clean install of OS X. Because the Trojan may also modify installed applications (this is possible because the Trojan is running as root), programs should be reinstalled from their master discs, not from backups. Finally, the user should copy over their data files from backups.

About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.

Loading Comments