updated 10:35 am EST, Thu January 22, 2009
Trojan linked with iWork
A new Trojan attack has been linked with illegal copies of iWork '09, says Intego. The security firm notes that in some copies of iWork found on BitTorrent sites -- and other pirating venues -- a Trojan dubbed OSX.Trojan.iServices.A is attached, masquerading in the form of a package file called iWorkServices. When the iWork installer is launched, iWorkServices is launched as well; while this may be halted by a request for an administrator password, Intego warns that Mac OS X 10.5.1 and earlier will install the Trojan without further prompting.
iWorkServices subsequently becomes a startup item with full root privileges, which are then used to connect to a remote server and inform a hacker that they have access. Further malware may be installed on a victim's computer, though this is not guaranteed.
So far over 20,000 people are believed to have downloaded infected copies of iWork '09, and Intego warns that the Trojan is an "extremely serious" threat. It can, however, be defeated by updating to the latest virus definitions.