Technorati
Digg
Delicious
Reddit
Newsvine
StumbleUpon
Buzz
Blinklist
Mixx
Google
Symantec uncovers Trojan concealed in pirate copies of Apple’s iWork ‘09
The dangers of pirated software have once again been graphically exposed by Symantec today with the report of a new Trojan currently being shared on BitTorrent. Disguised as a copy of the trial version of iWork ‘09, from Apple, the phony iWork ’09 installer has the filename iWork09.zip – so users can easily be duped into thinking this is the legitimate version from Apple.
In contrast, the legitimate trial version of iWork ’09, available from Apple is named iWork09Trial.dmg. The Trojanized package contains parts of the iWork ’09 trial version, but also includes a malicious installer named iWorkServices.pkg.
The OSX.iWork threat can unleash malicious code onto the users Mac which then connects them to a remote system hosted elsewhere. This means the pirates can then send commands to the infected machine to scan for sensitive or valuable information, track where the user goes on the internet and record what the user types - leaving the unwitting recipient vulnerable to identity theft and at risk of financial loss.
Symantec explains how the threat has occured on its Security Response blog: 'When software developers create an installer for the Mac, it's often several mini-installers, or packages, that are run in a particular sequence. Each package (.pkg file) contains specific code and a script makes sure that the code is placed in the right part of the hard drive so your computer can use the software. In this case, the main installation script was changed so not only did it run the ‘right’ software packages, but it also installs another package, sensibly named "iWorkServices.pkg," which unloads the malicious code that connects the users to a remote system- leaving them open to attack.’
Symantec Security Response rates OSX.iWork as a low-level threat, but states that it is still significant because with the current economic crisis, increasing numbers of people might be tempted to use pirate software instead of paying for it.
According to Symantec what's particularly vexing is that unless users have some kind of security software, they would never know their Mac was compromised because the iWork components themselves would work normally. Symantec recommends that users:
In contrast, the legitimate trial version of iWork ’09, available from Apple is named iWork09Trial.dmg. The Trojanized package contains parts of the iWork ’09 trial version, but also includes a malicious installer named iWorkServices.pkg.
The OSX.iWork threat can unleash malicious code onto the users Mac which then connects them to a remote system hosted elsewhere. This means the pirates can then send commands to the infected machine to scan for sensitive or valuable information, track where the user goes on the internet and record what the user types - leaving the unwitting recipient vulnerable to identity theft and at risk of financial loss.
Symantec explains how the threat has occured on its Security Response blog: 'When software developers create an installer for the Mac, it's often several mini-installers, or packages, that are run in a particular sequence. Each package (.pkg file) contains specific code and a script makes sure that the code is placed in the right part of the hard drive so your computer can use the software. In this case, the main installation script was changed so not only did it run the ‘right’ software packages, but it also installs another package, sensibly named "iWorkServices.pkg," which unloads the malicious code that connects the users to a remote system- leaving them open to attack.’
Symantec Security Response rates OSX.iWork as a low-level threat, but states that it is still significant because with the current economic crisis, increasing numbers of people might be tempted to use pirate software instead of paying for it.
According to Symantec what's particularly vexing is that unless users have some kind of security software, they would never know their Mac was compromised because the iWork components themselves would work normally. Symantec recommends that users:
- Be careful where they download software (and do not use pirate software)
- If they want to try out the software type in the following URL (http://www.apple.com/iwork/) which will direct them to Apple’s homepage, so they know it’s legit
- Scan drives regularly for threats using quality security software. Users might also want to think about installing a firewall to check for unauthorised connections into and out of their Mac
- Ensure security software is kept up to date and stay informed about current threats
For more information about this threat, please click here.
Symantec has created a definition for this vulnerability in the Norton AntiVirus for Mac, Norton Internet Security for Mac and Symantec AntiVirus for Mac definitions files, so run LiveUpdate to access.
If you’re interested in an interview or want additional information from Symantec security experts on the subject, contact symantec@bitepr.com on 020 8741 1123.
The dangers of pirated software have once again been graphically exposed by Symantec today with the report of a new Trojan currently being shared on BitTorrent. Disguised as a copy of the trial version of iWork ‘09, from Apple, the phony iWork ’09 installer has the filename iWork09.zip – so users can easily be duped into thinking this is the legitimate version from Apple.
In contrast, the legitimate trial version of iWork ’09, available from Apple is named iWork09Trial.dmg. The Trojanized package contains parts of the iWork ’09 trial version, but also includes a malicious installer named iWorkServices.pkg.
The OSX.iWork threat can unleash malicious code onto the users Mac which then connects them to a remote system hosted elsewhere. This means the pirates can then send commands to the infected machine to scan for sensitive or valuable information, track where the user goes on the internet and record what the user types - leaving the unwitting recipient vulnerable to identity theft and at risk of financial loss.
Symantec explains how the threat has occured on its Security Response blog: 'When software developers create an installer for the Mac, it's often several mini-installers, or packages, that are run in a particular sequence. Each package (.pkg file) contains specific code and a script makes sure that the code is placed in the right part of the hard drive so your computer can use the software. In this case, the main installation script was changed so not only did it run the ‘right’ software packages, but it also installs another package, sensibly named "iWorkServices.pkg," which unloads the malicious code that connects the users to a remote system- leaving them open to attack.’
Symantec Security Response rates OSX.iWork as a low-level threat, but states that it is still significant because with the current economic crisis, increasing numbers of people might be tempted to use pirate software instead of paying for it.
According to Symantec what's particularly vexing is that unless users have some kind of security software, they would never know their Mac was compromised because the iWork components themselves would work normally. Symantec recommends that users:
Symantec has created a definition for this vulnerability in the Norton AntiVirus for Mac, Norton Internet Security for Mac and Symantec AntiVirus for Mac definitions files, so run LiveUpdate to access.
If you’re interested in an interview or want additional information from Symantec security experts on the subject, contact symantec@bitepr.com on 020 8741 1123.
The dangers of pirated software have once again been graphically exposed by Symantec today with the report of a new Trojan currently being shared on BitTorrent. Disguised as a copy of the trial version of iWork ‘09, from Apple, the phony iWork ’09 installer has the filename iWork09.zip – so users can easily be duped into thinking this is the legitimate version from Apple.
In contrast, the legitimate trial version of iWork ’09, available from Apple is named iWork09Trial.dmg. The Trojanized package contains parts of the iWork ’09 trial version, but also includes a malicious installer named iWorkServices.pkg.
The OSX.iWork threat can unleash malicious code onto the users Mac which then connects them to a remote system hosted elsewhere. This means the pirates can then send commands to the infected machine to scan for sensitive or valuable information, track where the user goes on the internet and record what the user types - leaving the unwitting recipient vulnerable to identity theft and at risk of financial loss.
Symantec explains how the threat has occured on its Security Response blog: 'When software developers create an installer for the Mac, it's often several mini-installers, or packages, that are run in a particular sequence. Each package (.pkg file) contains specific code and a script makes sure that the code is placed in the right part of the hard drive so your computer can use the software. In this case, the main installation script was changed so not only did it run the ‘right’ software packages, but it also installs another package, sensibly named "iWorkServices.pkg," which unloads the malicious code that connects the users to a remote system- leaving them open to attack.’
Symantec Security Response rates OSX.iWork as a low-level threat, but states that it is still significant because with the current economic crisis, increasing numbers of people might be tempted to use pirate software instead of paying for it.
According to Symantec what's particularly vexing is that unless users have some kind of security software, they would never know their Mac was compromised because the iWork components themselves would work normally. Symantec recommends that users:
- Be careful where they download software (and do not use pirate software)
- If they want to try out the software type in the following URL (http://www.apple.com/iwork/) which will direct them to Apple’s homepage, so they know it’s legit
- Scan drives regularly for threats using quality security software. Users might also want to think about installing a firewall to check for unauthorised connections into and out of their Mac
- Ensure security software is kept up to date and stay informed about current threats
For more information about this threat, please click here.
Symantec has created a definition for this vulnerability in the Norton AntiVirus for Mac, Norton Internet Security for Mac and Symantec AntiVirus for Mac definitions files, so run LiveUpdate to access.
If you’re interested in an interview or want additional information from Symantec security experts on the subject, contact symantec@bitepr.com on 020 8741 1123.
Symantec has created a definition for this vulnerability in the Norton AntiVirus for Mac, Norton Internet Security for Mac and Symantec AntiVirus for Mac definitions files, so run LiveUpdate to access.
If you’re interested in an interview or want additional information from Symantec security experts on the subject, contact symantec@bitepr.com on 020 8741 1123.