MAC.OSX.Trojan.Krowi.A

VERY LOW
LOW
approx. 414kb
(Backdoor.OSX.iWorm.a, Mac.Iservice, OSX.Iservice, Backdoor:MACOS_X/Iservice, OSX_KROWI.A)

Symptoms

Presence of:
* file "/usr/bin/iWorkServices"
* process iWorkServices

Removal instructions:

Please let BitDefender disinfect your files.

Analyzed By

Daniel RADU, Senior Virus Researcher

Technical Description:

       This malware comes bundled with a modified version of the iWork installer available on illegal torrent sites and gets installed at the same time as the original software. Because the installer needs an administrator password, the malware will also run as an administrator.

       Once launched, it will:
         * check whether it is running with administrator rights and exit if it is not;
         * copy itself to the "/usr/bin" directory under the name "iWorkServices";
         * add itself to system startup so that it runs each time the computer starts;
         * try to connect to two p2p servers in order to download additional malware components:
               - xxx.xxx.177.146 (port 59201)
               - xxxxxxxx.freehostia.com (port 1024).
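
The symptoms and startup behaviour described above can be checked with a short script. This is an added example, not Bitdefender's code: the function names are hypothetical, and because the page does not say which startup mechanism the malware uses, the script assumes the standard macOS startup directories and searches them for the "iWorkServices" name.

```shell
#!/bin/sh
# Added example (not Bitdefender's code): checks a macOS volume for the
# indicators this page lists. Function names are hypothetical.
IOC_FILE="usr/bin/iWorkServices"   # file named under "Symptoms"
IOC_PROC="iWorkServices"           # process named under "Symptoms"
# Assumption: the page does not say which startup mechanism is used, so the
# standard macOS startup locations are searched for the name.
STARTUP_DIRS="Library/LaunchDaemons Library/LaunchAgents Library/StartupItems System/Library/LaunchDaemons System/Library/StartupItems"

# has_ioc_file ROOT: succeeds if ROOT/usr/bin/iWorkServices exists.
has_ioc_file() {
    [ -e "${1%/}/$IOC_FILE" ]
}

# has_ioc_proc: reads `ps -axo comm=` style lines on stdin and succeeds if
# the basename of any command is exactly iWorkServices.
has_ioc_proc() {
    awk -v name="$IOC_PROC" '
        { sub(/[ \t]+$/, ""); n = split($0, part, "/"); if (part[n] == name) found = 1 }
        END { exit !found }'
}

# startup_refs ROOT: prints startup files under ROOT that mention the name.
startup_refs() {
    for sr_dir in $STARTUP_DIRS; do
        if [ -d "${1%/}/$sr_dir" ]; then
            grep -rl -- "$IOC_PROC" "${1%/}/$sr_dir" 2>/dev/null || true
        fi
    done
}

# krowi_scan ROOT [PS_LISTING_FILE]: prints findings; returns 0 if none.
krowi_scan() {
    ks_root="${1:-/}"; ks_hits=0
    if has_ioc_file "$ks_root"; then
        echo "file present: ${ks_root%/}/$IOC_FILE"; ks_hits=$((ks_hits + 1))
    fi
    if [ -n "${2:-}" ]; then ks_procs=$(cat "$2"); else ks_procs=$(ps -axo comm=); fi
    if printf '%s\n' "$ks_procs" | has_ioc_proc; then
        echo "process running: $IOC_PROC"; ks_hits=$((ks_hits + 1))
    fi
    ks_refs=$(startup_refs "$ks_root")
    if [ -n "$ks_refs" ]; then
        echo "startup reference: $ks_refs"; ks_hits=$((ks_hits + 1))
    fi
    [ "$ks_hits" -eq 0 ]
}

# Scan the live system only when asked: sh krowi_check.sh --live
if [ "${1:-}" = "--live" ]; then krowi_scan / || exit 1; fi
```

Passing a mounted volume as ROOT and a saved process listing as the second argument lets the same check run against an offline disk image instead of the live system.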