Trojan virus spreads to as many as 20,000 Macs

January 23rd, 2009 at 5:40 PM

Mac users who think they’ve stumbled upon greatness in the form of an alleged copy of iWork ’09 on torrent sites take note – it contains a nasty trojan known as OSX.Trojan.iServices.A. First identified by Intego, the trojan works like so:

When installing iWork 09, the iWorkServices package is installed. The installer for the Trojan horse is launched as soon as a user begins the installation of iWork, following the installer’s request of an administrator password. This software is installed as a startup item (in /System/Library/StartupItems/iWorkServices, a location reserved normally for Apple startup items), where it has read-write-execute permissions for root. The malicious software connects to a remote server over the Internet; this means that a malicious user will be alerted that this Trojan horse is installed on different Macs, and will have the ability to connect to them and perform various actions remotely. The Trojan horse may also download additional components to an infected Mac.

It’s important to note that while this is by no means the first trojan virus outbreak that Mac users have had to deal with, it is of special interest. Unlike trojans of years past, this is the first time hackers have taken the time to concoct a malicious script that is embedded in software a lot of people are keen to get and that actively contacts remote servers to cause even more damage to infected systems. If you think your system is infected, there is a simple process for cleaning it, but unfortunately it does require a complete wipe. Open Terminal and enter the following:

  1. sudo su (enter password)
  2. rm -r /System/Library/StartupItems/iWorkServices
  3. rm /private/tmp/.iWorkServices
  4. rm /usr/bin/iWorkServices
  5. rm -r /Library/Receipts/iWorkServices.pkg
  6. killall -9 iWorkServices
  7. Wipe, reformat and reinstall OS X from your master disc
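
A read-only way to confirm whether the artifacts named in the steps above are present before wiping, as an added example that is not from the original article. The function names and the optional root argument (for checking a mounted backup or disk image) are assumptions of this example.

```shell
#!/bin/sh
# Read-only check for the iWorkServices artifacts listed in the removal steps.
# It deletes nothing. The optional root prefix (an assumption of this example)
# lets the same check run against a mounted backup or disk image.

IWS_ARTIFACTS='/System/Library/StartupItems/iWorkServices
/private/tmp/.iWorkServices
/usr/bin/iWorkServices
/Library/Receipts/iWorkServices.pkg'

# Print every listed artifact that exists under root $1 (default: live system).
# Returns 0 if at least one was found, 1 if none were.
iws_scan() {
    root=${1%/}
    found=1
    for p in $IWS_ARTIFACTS; do
        if [ -e "$root$p" ] || [ -L "$root$p" ]; then
            printf '%s\n' "$root$p"
            found=0
        fi
    done
    return $found
}

# Return 0 if a process named iWorkServices is running on this machine.
iws_process_running() {
    ps -A -o comm= 2>/dev/null | grep -Eq '(^|/)iWorkServices$'
}

# Summarise both checks. Always returns 0 so the script can be sourced safely.
iws_report() {
    if hits=$(iws_scan "$1"); then
        printf 'iWorkServices artifacts present:\n%s\n' "$hits"
    else
        printf 'No iWorkServices artifacts under %s\n' "${1:-/}"
    fi
    # The process check only makes sense for the live system.
    if [ -z "${1%/}" ] && iws_process_running; then
        printf 'Process iWorkServices is running\n'
    fi
    return 0
}

iws_report "${1:-}"
```

Run it with no argument to check the running system, or pass a volume path such as a mounted backup to check that copy instead.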

Moral of the story: Buy your software or risk paying the price in other ways.

[Via MacRumors]

