
iWork '09 trojan beware!


^_^

 

Headline says in engadget.com

iWork '09 trojan infects at least 20,000 machines.

 

http://www.engadget.com/2009/01/22/iwork-0...hines/#comments

 

Pirated iWork '09 installer may contain trojan horse

in macworld.com

 

http://www.macworld.com/article/138380/iworktrojan.html

 

I didn't have iWork '09 but as I was reading, I found this and thought someone might need this.

 

See if you have it: look in /System/Library/StartupItems for an item named iWorkServices

 

A copy-paste of ways to get rid of it, from Engadget user Aaron:

 

To those of you who pirated this software (shame on you):

 

1. (open Terminal.app)

2. sudo su (enter password)

3. rm -r /System/Library/StartupItems/iWorkServices

4. rm /private/tmp/.iWorkServices

5. rm /usr/bin/iWorkServices

6. rm -r /Library/Receipts/iWorkServices.pkg

7. killall -9 iWorkServices

 

Most of all, don't execute anything that doesn't look legit. Just because something asks for your root password doesn't mean you should just blindly enter it.
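
A read-only check for the four paths named in the removal steps quoted above, as an added example that is not part of the original post or of the quoted Engadget comment. The function names and the optional root-prefix argument (for pointing the check at a mounted backup or disk image) are assumptions of this example.

```shell
#!/bin/sh
# Read-only check for the iWorkServices files named in the removal steps.
# Nothing is deleted. The optional root prefix is an addition of this example.

IWORK_PATHS="/System/Library/StartupItems/iWorkServices
/private/tmp/.iWorkServices
/usr/bin/iWorkServices
/Library/Receipts/iWorkServices.pkg"

# Print every listed path that exists under the given root (empty = live system).
find_iworkservices() {
    root="${1:-}"
    for p in $IWORK_PATHS; do
        # -L also catches a dangling symlink, which -e alone would miss
        if [ -e "$root$p" ] || [ -L "$root$p" ]; then
            printf '%s\n' "$root$p"
        fi
    done
}

# Succeeds if a process whose command name ends in iWorkServices is running.
iworkservices_running() {
    ps -A -o comm= 2>/dev/null | grep -q 'iWorkServices$'
}

# Print a summary for one root; the process check applies to the live system only.
report_iworkservices() {
    root="${1:-}"
    hits=$(find_iworkservices "$root")
    if [ -n "$hits" ]; then
        echo "iWorkServices files present:"
        printf '%s\n' "$hits" | sed 's/^/  /'
    else
        echo "No iWorkServices files found under ${root:-/}"
    fi
    if [ -z "$root" ] && iworkservices_running; then
        echo "An iWorkServices process is running"
    fi
    return 0
}

report_iworkservices "${1:-}"
```

Run it with no argument to check the running system, or pass a mount point to check a backup volume.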

Link to comment
Share on other sites

Wow I thought Macs could not get viruses XD

 

Just poking fun, that's what people get for downloading pirated software........................*closes torrent program*

 

Indeed. I wonder when the fanboi's will come out to say this isn't Apple's fault and is the user's fault instead.

Link to comment
Share on other sites

√ The bad thing is that it is embedded into the installer, so when u type the password for root access the installer gains it!

 

√ The problem is that lots of hackers (not crackers) are thinking to OSX! And we can't do nothing....except buy original! But who knows if in an original software u can find a trojan too? See what microsux is doing...lots of spyware!

 

√ Welcome in the digital world!

 

Quite a number of no-goodniks who thought they'd save a few bucks by downloading a pirated version of iWork '09 have gotten more than they'd bargained for -- in the form of a Trojan Horse called OSX.Trojan.iServices.A. This guy installs itself in the computer's startup as root, and once in place it can connect to a remote server and broadcast its location, allowing malicious users to take charge of the machine remotely. And since it has root access to the OS, the trojan can not only install additional components but can also modify existing apps, making this thing extremely difficult to remove. According to a white paper released by Intego, at least 20,000 people may have downloaded the infected software -- which they'll get around to installing as soon as they finish those episodes of Celebrity Rehab they grabbed at the same time.

Link to comment
Share on other sites

Guest undefined

It's kinda stupid to download the cracked installer, since you can freely download trials from Apple website and use a *cough* legit *cough* license code. ;)

Link to comment
Share on other sites

Now, you see, when in windows I would always install a firewall just to "feel" more secured. Working in OSX these days I don't use firewalls or antivirus apps for obvious reasons, BUT, WHEN DOWNLOADING TORRENT STUFF, HAVING A FIREWALL AND ANTIVIRUS APP IS A MUST. And remember kids, when you download software like that, after you have used it for some 1000 years remember to purchase the software. Those guys need to make a living you know. :huh:

Link to comment
Share on other sites

Not a virus in the classical meaning of it, it's not as if you're browsing the web, insert a USB drive, etc. and bam you're infected. Malware app is bundled with 'legit' software, can't prevent that on any OS unless the tracker in question verifies the torrent before making it public.

Link to comment
Share on other sites

Some estimates and further thoughts from me on the current situation -

  • Hardware = 20,000 x mostly Modern genuine Apple Mac desktops + few grey Intel PC 'hackintoshes' + maybe very few OSX servers
  • Operating System = Mostly OSX Leopard 10.5.x + few running Tiger 10.4.x + maybe very few others
  • Application = iLife 09 Trojan (Downloaded pirate software from an untrusted source - ftp/usenet/p2p/etc.)
  • 20,000 hits = 20,000 stupid OSX pirates all wanting iLife09 (a nice alternative to OpenOffice and MS Office for Mac)

So, quite a successful OSX trojan but still nowhere near as effective as the hundreds of thousands (maybe millions) of infected Windows boxes out there. Next question - Is this worth the black hat bad guys 'wormifying' a population of 20,000 internet-based relatively hard Unix hosts? That is one hell of a botnet leadership control base. I bet the underground race is now on to find and merge this population with a worm that can exploit zero-day (i.e. unpatched) OSX system service vulnerabilities, or perhaps maybe just a few vulnerabilities in Safari or iTunes or other commonly used standard OSX networked applications...

 

I think this might eventually be positive news for Apple. We might see the following -

  • More successful OSX malware, as this trojan sets an example to other black hats that success on OSX is quite possible as more stupid users start to use OSX while the overall market share population slowly increases
  • More effort by black hats trying to help OSX Leopard proliferate on more hardware for free (Universal OSX Leopard LiveDVD coming soon)
  • More anti-malware applications for OSX
  • More publicity (bad news is still news) for OSX and therefore more interest in trying to use it
  • More OSX Leopard usage (Both on genuine hardware and on cheap hackintosh PCs) as interest in OSX rises when users realise it works very nicely alongside (or even with/within) Windows and generally can replace all running functions of Windows effectively through virtualisation software such as sun VirtualBox, Parallels and VMware Fusion, except at the moment videogames, as hardware-accelerated graphics functions are currently difficult to virtualise.
  • Mass takeup of OSX Leopard could happen once the critical mass blooms, as Windows pirates see how much nicer everything is, when provided with a genuinely easy choice...
  • Slightly increased takeup of Linux as another multi-booting, easy-to-install and totally free (legit) operating system alternative that can also run alongside Windows on the same hardware...
  • More retail sales of OSX for Apple, as hackintosh users realise how much more confident they will feel in running a 'clean' system and maybe even an increase in hardware sales as OSX runs on the real thing soooo much easier and maybe even slightly nicer :D

Finally, I dream of the nirvana that would be massively increased success for OSX, as most new Windows videogames could easily be redeveloped to run on OSX, through the 'Cider' and other Wine-like/crossover engines. I like running AOE3, UT2004, Call of Duty 4 and Spore (amongst many others) on OSX Leopard at the moment. If Apple do release a truly 'affordable' updated Mac Mini or iMac with onboard accelerated Nvidia Geforce 3D graphics, then that could be the tipping point for myself and many others to also try out OSX for real...

 

An open-minded Unix, Linux and OSx86 (Hackintosh) advocate who is genuinely agnostic when it comes to hardware and operating systems. Each system has its own strengths, just some are more specialist than others and some are for those with more acquired tastes. I always like to note that the only hardware system for true gamers is the one that natively plays ALL the latest videogames (i.e. none of the above!) so my advice for most people in this current economic climate is -

 

Think of value-for-money, function-over-form, quantity-for-quality ratio (bang-for-buck), invest-to-save and most important of all, sustainable development (in every aspect of life).

 

End rant :D

Link to comment
Share on other sites

Indeed. I wonder when the fanboi's will come out to say this isn't Apple's fault and is the user's fault instead.

 

:thumbsdown_anim:

 

You mean, because it isn't Apple's fault and it is the stupid user's fault.

 

Apple cannot prevent you from installing malicious software if you want to. If you run the installer, you give it your password, you let it install. YOU are to blame, not Apple.

 

In a corporate world you could blame the maker of the software for violating your trust, but since this was never anything more than a stolen installer people were (still are?) rushing out to get, people really only have themselves to blame if they installed this. It's quite a SUCKER moment, but that's the way it is.

 

No fanboi required.

Link to comment
Share on other sites

Why bother with illegal software, when you can get it for only $79?

 

I don't know if I'd trust that either. It's just as mysterious in origin.

 

What exactly is it you don't trust?

 

EDIT: I have done some research and this company introduced the software back in 2003 (first written in 2002) so please refrain from stupid little comments like this (it can be held against you in court).

Link to comment
Share on other sites

This link was also posted at the macrumors.com site - see where it says update 2.

 

Seems the securemac.com site has been around since 1999 so I would be surprised if it doesn't have at least some level of trust within the mac community?

 

[EDIT] Here is another link from last summer where they were recognised for highlighting another OSX trojan.

Link to comment
Share on other sites

QUOTE(:) @ Jan 22 2009, 10:27 PM)

 

Headline says in engadget.com

iWork '09 trojan infects at least 20,000 machines.

 

http://www.engadget.com/2009/01/22/iwork-0...hines/#comments

 

Pirated iWork '09 installer may contain trojan horse

in macworld.com

 

http://www.macworld.com/article/138380/iworktrojan.html

 

I didn't have iWork '09 but as I was reading, I found this and thought someone might need this.

 

See if you have it: look in /System/Library/StartupItems for an item named iWorkServices

 

A copy-paste of ways to get rid of it, from Engadget user Aaron

 

I am new to the Mac world and love it. I have been a Windows fan from '95 and DOS before that. What I hate is the fact that with Windows all you have to do is visit a site and get infected. This is not a flaw in the system, just a flaw in the way WE use it. If you buy software off the shelf or from the original software site you have nothing to worry about. If you download a torrent you better have protection. This makes the ability to install and update your Hack from the official site so important. Thanks all. Just my thoughts. Thanks Apple.

Link to comment
Share on other sites
