Zone Gadget

Installing Pirated Version of Apple’s iWork ‘09 Application Suite May Contain Trojan Horse

This will be a very bad news for those who used to download a pirated version of Apple’s iWork ‘09 application suite. It is said that there is a new Trojan Horse called "OSX.Trojan.iServices.A." containing in the Pirated iWork '09 installer.

When installing an infected pirated copy of iWork ‘09, an extra iWorkServices package is installed; this installation begins as soon as the user launches the iWork ‘09 installer. This package is installed as a system-wide startup item, where it has read-write permissions as root. In other words, this code can do anything to any part of the system, with full authorization.

The malicious software connects to remote servers over the internet, so a malicious remote user will know that the program has been installed. The malicious user will be able to connect to the infected Mac and perform various actions; the Trojan horse may also download additional components to an infected Mac.

According to Intego, the download is not less than 20,000 times which means about more than 20,000 computer are infected by the trojan horse. You can check if you’ve been infected of not by checking in /System/Library/StartupItems for an item named iWorkServices. If it exists, you’ve been infected with this Trojan horse.

[endgadget via macworld]