Johannesburg, 23 Apr 2009
A new piece of malware affecting the Apple operating system, first discovered by Symantec in January, is doing the rounds.
Symantec says the malware variants, OSX.Iservice and OSX.Iservice.B, are both Mach-O format universal executables designed to run on Apple operating systems.
According to the security giant, the threats were found inside bogus copies of iWork 2009 and Adobe Photoshop CS4 which were shared on the popular peer-to-peer torrent network. Users who download and install the applications from the torrent download would have been infected. Symantec estimates that thousands of people have downloaded the infected torrent files.
Mike Romo, product manager for Symantec, specialises in Mac products and states in the Norton Protection Blog that users must be careful where they download software. “While Symantec Security Response rates OSX.Iservice a low-level threat, it is still significant because with the current economic crisis, more and more people might be tempted to pirate software instead of paying for it.
“What's particularly vexing is that unless users have some kind of security software, they would never know that their Mac was compromised because the iWork components themselves would work normally.”
Symantec says the two variants use different techniques to obtain the user's password, which is needed in order to execute the malware with full system privileges. OSX.Iservice is bundled within the rogue iWork 2009 installer and the malware gets an authenticated session through the installer itself.
The OSX.IserviceB, distributed through the Adobe Photoshop CS4 torrent file, will prompt the user for a password and then install a Trojan.
Related stories:
Symantec fights spam
Endpoint security a must
Old trojan resurfaces
Share