Plagiarized iWork software contaminating Macs with Trojan horse

Austin, United States, January 23: An Internet security firm, Intego, that puts together the security software of Mac computers has warned that illegally produced copies of Apple’s iWork software that can be easily downloaded from peer-to-peer (P2P) file-sharing networks may be contaminated with a nasty Trojan horse program.

Websites that handle the maximum junk traffic and hence can no longer accommodate genuine visitors are the prime targets of this malicious software.

In its warning released today, Internet security firm Intego told how plagiarized versions of the $79 iWork software suite sent out on the BitTorrent trackers are contaminated with OSX.Trojan.iServices.A.

Intego added that the Trojan is packaged in such a manner that it automatically runs upon installation of the pirated iWork software by the user.

iServices.A then unlocks a “backdoor” on the target PC, successfully alerting the virus writer of the fact that a new system is contaminated. This provides the attacker with an opportunity to perform any illegal action or upload software on the infected Mac.

As per an Intego spokesperson, figures from a sophisticated torrent tracker site show that the malicious software suite had been downloaded around 20,000 times till 6 a.m. ET today.

Pete Yandell, a Mac software developer in Melbourne, Australia, who infected his system after installing the program, wrote on his “Not a Hat” blog, “My copy of the iWork 09 trial installer contained a Trojan. This copy was passed to me through multiple hands. If I’d done the smart thing, and got my copy straight from Apple, I wouldn’t have had this problem.”

Apple has been a bit fickle as far as advising the Mac users on the virus front is concerned. Initially it said that Mac users did not have to worry about malware. Later it recommended anti-virus for Mac users and then again pulled those suggestions.

Yandell said that the site his Mac was programmed to strike was dollarcardmarketing.com. He further added that the attackers having a hold over the Mac botnet may have moved on to other targets by now.

John Valente, co-owner of dollarcardmarketing.com said, “Our site was attacked with the DDOS about a month ago and it stumped me and my host as my traffic and bandwidth were skyrocketed to over 600 GB of transfer.”

In his email to Security Fix, he wrote, “My host was nice enough to try and manage it, [even thought it temporarily crippled us] a couple times. But ultimately, he had to ask us to either shut it down or find another host because he couldn’t handle the resources it was consuming.”