Jan 23 2009
An Intego Security Alert warns of a new exploit to threaten the tranquility of the Mac universe: OSX.Trojan.iServices.A Trojan Horse.
The new Trojan Horse is currently hidden in pirated copies of Apple’s iWork ’09 available via various BitTorrent tracker sites. While the software is complete and functional, the installer contains a “bonus” called iWorkServices.pkg. This software is installed as a startup item where it has read-write-execute permissions for root: in other words, it has all the powers of a system administrator. This malicious software connects to a remote server over the internet, alerts its maker that it has been installed and gives this person the ability to connect to the affected Mac remotely.
Given that this alert came from Intego, it is no surprise that their software, VirusBarrier X4 and X5, will protect you against this Trojan horse as long as your virus definitions are dated January 22, 2009 or later. Meanwhile, over at SecureMac, they have made a free and handy iWorkServices Trojan Removal Tool that will… well… remove the Trojan for you.
I should mention that the preferred method of dealing with this Trojan is avoidance: go buy iWork ’09 legitimately!!