You are not logged in.

None

Other articles in Computers & Technology > Viruses

Identity Theft Strikes Again 27 January 2009

- Entire Category -

New Virus Attacks Apple iWorks PDF Print E-mail
User Rating: / 3
PoorBest 
Computers & Technology > Viruses
Written by James A. Seals   
Wednesday, 28 January 2009 00:53
New Virus Attacks Apple iWorks

Well to all of those people out there that think Apple Macintosh computers can’t get any viruses, think again. After doing some research, I found a virus that attacks Apple iWorks, all versions of this software. I myself was a victim of this virus, and it wasn’t fun trying to remove it.

This particular virus is a Trojan and will do the following. This Trojan is dropped as part of an illegitimate iWork application installation that has been observed to be available on some file sharing sites.

Upon installation, the following malicious files are created:

* /usr/bin/iWorkServices (OSX/IWService)

It will also hook system startup by creating or modifying the following file(s) and folder(s):

* /System/Library/StartupItems/iWorkServices/iWorkServices/
* /System/Library/StartupItems/iWorkServices/StartupParameters.plist

iWorkServices is set to start when the 'Network' parameter is reached at startup through definitions set in the .plist file listed above.

The installation folder is then modifed to have read and execute rights to "all" and read, write and execute for the "root" user by setting the permission attributes with "chmod 755".

Connection attempts may also be made from the following domains on non-standard ports:

* 69.92.{blocked} (TCP Port 59201)
* {blocked}.freehostia.com (TCP Port 1024)

Well you might be asking yourself, “How does my computer get infected with a Trojan virus?” Well Trojans do not self-replicate. They are spread manually, often under the premise that the executable is something beneficial. Distribution channels include IRC, peer-to-peer networks, newsgroup postings, email, etc.

It is a very good practice to scan all of your e-mails or anything that you are attempting to download, with your virus protection software. I am a BIG fan of Trend Micro Internet Security Pro. You can go to their website, www.trendmicro.com, and download it from there.

This is James Seals of Complete Solution Computer Services, Inc. I’ll be back to inform you of the new virus, spyware and malware threats as they become available.