So, there is no malware for Mac! Well, I am sure that we have all heard this at one time or another… but as you know, this is not true. The recent iWork09 trojan shows that once more.

An interesting list of facts about iWork09 and this Trojan:

- Apple releases iWork09 at MacWorld09 on January 6th.
- Apple decides that no serial number will be needed for iWork09 anymore, on January 19th.
- The iWork09 trojan was discovered on January 21st.

So, what would be the logical explanation? Since Apple decided that serial numbers would not be needed anymore, there would be a boost in illegal torrents, and the malware writer took the opportunity to add a backdoor to the package, right?

When I was checking some torrents of iWork09, I noticed a different timeline… Most of the infected torrents are dated approximately January 7th, just one day after the iWork09 release, and the malware file also supports this theory:

```
rwxr-xr-x 1 pedrobueno staff 413568 7 Jan 22:22 iworkservices
```

As you may know, this iWork09 trojan is not like the recent popupers or other Mac trojans, but a quite well-developed piece of malware that uses, among other things, a p2p-like network style and an encrypted communication channel. The 'real' purpose of such advanced Mac malware is not clear yet, but we will probably get more details as time goes by, and I will try to keep you posted.

What follows below is a list of command lines that will help you to identify and later remove the malware from your computer.

Identify if the Trojan is using the network:

```
sudo lsof -i -P | grep -i tcp | grep -i iworkserv
```

The output of this command will likely be something like:

Identify if the Trojan is present on the hard drive:

```
sudo find / -iname "iworkservice*" -print
```

Identify if the Trojan is actually running on your system:

```
sudo ps aux | grep -i iworkservice | grep -v "grep"
```

The removal part can be done in a faster or a more complete way.
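The three identification checks (network, hard drive, running process) can be combined into one script. This is an added example, not code from the original post; the sample `ps`, `find` and `lsof` output, the `/tmp/example` paths and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: the page's three checks as stdin filters plus one report.
# Filters read command output on stdin, so they also work on saved output.
# lsof shows only the first 9 characters of a command name by default,
# which is why the short fragment "iworkserv" is used for matching.
IOC='iworkserv'

# ps aux lines naming the trojan, excluding the grep process itself
match_procs()   { grep -i "$IOC" | grep -v 'grep'; }
# find output: paths whose file name starts with "iworkservice", any case
match_files()   { awk -F/ 'tolower($NF) ~ /^iworkservice/'; }
# lsof -i -P lines that are TCP sockets of a matching process
match_sockets() { grep -i 'tcp' | grep -i "$IOC"; }

# report PS_OUT FIND_OUT LSOF_OUT: print hits; status 1 means something matched
report() {
    p=$(printf '%s\n' "$1" | match_procs)   || true
    f=$(printf '%s\n' "$2" | match_files)   || true
    s=$(printf '%s\n' "$3" | match_sockets) || true
    [ -n "$p" ] && printf 'RUNNING\n%s\n' "$p"
    [ -n "$f" ] && printf 'ON DISK\n%s\n' "$f"
    [ -n "$s" ] && printf 'NETWORK\n%s\n' "$s"
    [ -z "$p$f$s" ]
}

# Constructed sample output (not captured from a real infection)
SAMPLE_PS='root 312 0.0 0.1 75000 1200 ?? Ss 10:01PM 0:00.10 /tmp/example/iWorkServices
user 901 0.0 0.0 59000 400 s000 S+ 10:05PM 0:00.00 grep -i iworkservice'
SAMPLE_FIND='/tmp/example/iWorkServices
/tmp/example/docs/iworkservice-notes.txt
/tmp/example/not-iworkservices/readme'
SAMPLE_LSOF='iWorkServ 312 root 5u IPv4 0x0 0t0 TCP *:59201 (LISTEN)
mDNSRespo 45 _mdns 7u IPv4 0x0 0t0 UDP *:5353'

if [ "${1:-}" = "--live" ]; then   # run the page's three commands for real
    set -- "$(sudo ps aux)" \
           "$(sudo find / -iname 'iworkservice*' -print 2>/dev/null)" \
           "$(sudo lsof -i -P)"
else                               # default: run on the constructed samples
    set -- "$SAMPLE_PS" "$SAMPLE_FIND" "$SAMPLE_LSOF"
fi
if report "$@"; then echo 'verdict: no indicators'
else echo 'verdict: indicators found'; fi
```

The file check matches on name only, so an unrelated file such as the constructed `iworkservice-notes.txt` is also listed and needs a manual look before anything is deleted.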