Stephen Withers
Friday, 23 January 2009 02:40
Opinion and Analysis
Page 1 of 2
Trojans are still the flavour of the month when it comes to getting malware onto Macs. Recent examples have posed as codecs required to view seedy videos, but the latest attack hides behind Apple's iWork application suite.
At Macworld Expo this month, Apple announced a new version of its iWork productivity suite. A free trial version was provided, and users could either buy a serial number to turn it into a fully working copy, or purchase a full copy on disc.
Unlike previous releases, the boxed version of iWork '09 does not require a serial number.
According to security software vendor Intego, a copy of iWork '09 that's circulating on BitTorrent is the real thing - but with an extra little something that will leave those who install it feeling uncomfortable.
The installer contains an extra package called iWorkServices.pkg. Despite the name, that isn't part of iWork.
The package creates a startup item so that the iWorkServices malware runs automatically from then on.
iWorkServices connects to an Internet server, from which it can download new code and receive instructions.
According to Intego, iWorkServices has been seen to operate as a botnet, carrying out distributed denial of service attacks on web sites.
Page 2: how to avoid Trojans.
