Latest OS X Threat: “iWorkServices”
A new OS X threat disguised as the legitimate application iWork 09 is currently in the wild. A few OS X users have been tricked by this, so be careful!
This malicious piece of code can create a startup entry and copy itself as /usr/bin/iWorkServices.
Once installed, it attempts to communicate with a remote host and issue HTTP requests. It also creates /tmp/.iWorkServices and sets its permissions to 755 (chmod 755), which gives read and execute access to everyone; this may relate to its P2P activity.
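The file-system artifacts described above can be checked with a short script. This is an added example, not part of the original post: the function names are hypothetical, and the startup directories it searches are standard macOS locations assumed here, because the post does not say where the startup entry is created.

```shell
#!/bin/sh
# Added example: look for the iWorkServices artifacts named in the post.
# Usage (after sourcing): check_iworkservices            # live system
#                         check_iworkservices /Volumes/X # mounted copy or image

# Print a file's octal permission bits (GNU stat first, then BSD/macOS stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Returns 0 when nothing is found, 1 when at least one indicator is present.
check_iworkservices() {
    root="${1:-}"          # empty prefix means the running system
    hits=0

    # Paths taken from the post.
    for p in /usr/bin/iWorkServices /tmp/.iWorkServices; do
        if [ -e "$root$p" ]; then
            hits=$((hits + 1))
            echo "FOUND $p mode=$(file_mode "$root$p")"
        fi
    done

    # Assumption: the startup entry lives in a standard macOS startup
    # location and carries or references the name "iWorkServices".
    for d in /Library/StartupItems /System/Library/StartupItems \
             /Library/LaunchDaemons /Library/LaunchAgents; do
        [ -d "$root$d" ] || continue
        if find "$root$d" -name '*iWorkServices*' 2>/dev/null | grep -q . ||
           grep -rq 'iWorkServices' "$root$d" 2>/dev/null; then
            hits=$((hits + 1))
            echo "FOUND startup reference under $d"
        fi
    done

    echo "indicators: $hits"
    [ "$hits" -eq 0 ]
}
```

A `mode=755` result on /tmp/.iWorkServices matches the permissions the post reports.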
It also references “Users/jason/diarrhea/aes/aes_modes.c”.
Notice that it will also attempt to connect to this URL:
Ok, so the culprit is in Mach-O universal binary format:
I know these details are not enough; for now I can say that this is indeed a threat: a backdoor, trojan and P2P-controlled bot. **Updated
**Note that the file containing this threat is ~450MB in size**
Btw, this is currently discussed here: