Reports of new Mac Trojan horse in pirated version of iWork ’09

iWork 09

We’re investigating reports of a new Trojan horse capable of infecting the Apple Mac OS X platform.

The Trojan, which is being called “iWorkServices” or “iServices” by some, has been distributed via BitTorrent inside a pirated version of Apple’s new iWork ’09 suite.

Ironically, hackers have used a pirated version of iWork ’09 as a “host” for the malware, just as Apple loosened up anti-piracy protection in the package.

Whereas previous versions of Apple iWork required users to enter a serial number when installing from CD ROM, the new version allows users to install the software on as many computers as they like – without apparent repercussion.

Of course, you should never download copyrighted commercial material via peer-to-peer file-sharing sites. Not only might you be breaching copyright, but you could also be risking a malware infection.

It should be remembered that malware affecting Apple Macs is much less frequently encountered than it is by their Windows-using counterparts. But that doesn’t mean the problem is non-existent, and it’s no excuse for Apple users to have their head in the sand when it comes to security.

Apple Mac users should apply common sense and properly defend their computers and data from security threats with up-to-date anti-virus software, firewalls and security patches.

Pirated version of iWork '09

SophosLabs has received a sample of the malware, which we detect as OSX/iWorkS-A.

Update: You can learn more about the OSX/iWorkS-A threat in this blog post by Paul Baccas of SophosLabs.