Trojan Virus affects thousands of pirated copies of Apple’s iWork ‘09 Suite
Malware masquerading as part of Apple’s iWork ‘09 suite has targeted unsuspecting Mac users foolish enough to illegally download and install the pirated version of the software commonly found on warez sites around the Web.
Once iWork ‘09 is downloaded and installed, the trojan horse named OSX.Trojan.iServices.A, obtains unrestrained root access, which it immediately uses to connect to a remote server over the Internet. A secondary download installs malware that makes victims part of a botnet army that is said to be attacking undisclosed websites. According to Mac antivirus software maker Intego, this is the latest reminder of the growing popularity of Apple’s OS X and virus & malware developers. Over the past year, a mix of trojans and exploits have been targeting OS X at increasing rates.
Update: If you were one of the unfortunate users to get infected with the iWork ‘09 virus or the Photoshop CS4 virus, SecureMac.com, Inc. has developed an “iServices Trojan Removal Tool” that successfully checks for an deletes both virus versions (OSX.Trojan.iServices.A and OSX.Trojan.iServices.B). To download the virus-remover please visit MacUpdate at the end of the article.
It is believed that more than 20,000 50,000 people have already downloaded the rogue installer. The pirated software does however contain a fully functional version of iWork.
We urge all readers and users to purchase software to avoid viruses and malware and most importantly to support the hard working people who spend countless hours fine-tuning and designing great software.
Important Update: The offspring of the iWork ‘09 virus has been found in over 10,000+ downloads of Adobe’s Photoshop CS4 professional photo editing software.
The new spawn is named OSX.Trojan.iServices.B and has the same malicious intent as the original virus from iWork ‘09. Please follow the link below to read AtomicSub’s article on the Photoshop CS4 virus.
Intego Security has classified this as a serious risk, more at the link: