Security Response

What do you call it when pirating software works against you?  OSX.Iservice. What this means is that there is no free lunch, nor is there free Apple iWork '09, unless you download the trial version directly from Apple. Unfortunately, the idea of getting one over on a big corporation fuels a lot of file sharing, and malicious software authors bank on that. 

Symantec has become aware of a Trojan currently being shared on peer-to-peer (P2P) networks. We originally reported on this yesterday on our Norton Protection Blog—take a look at the article New Trojan Attacks Pirates. Disguised as a copy of the legitimate trial version of Apple’s iWork ‘09, the phony iWork ’09 installer has the filename iWork09.zip and is approximately 450MB in size.

...

Security Response has seen a large spam run of what appears to be the latest in the line of Trojan.Peacommvariants. While this is nothing new, this time around the attachmentsare in the form of password-protected zip files. The recipient istricked into unzipping the attachment with the included password, thenrunning the unzipped file, to counteract activity related to an unknownworm (with which the recipient has undoubtedly been infected).

We've seen samples arrive in email messages with subjects including,but not limited to, "ATTN!", "Spyware Alert!", "Spyware Detected!","Trojan Alert!", "Trojan Detected!", "Virus Activity Detected!", "VirusAlert!", "Virus Detected!", "Warning!", and "Worm Activity Detected!".The attachments are generally a .gif image file (this image containsthe zip password) and the executable in the form of patch-[random fourdigits].zip.

...