^_^ Posted January 23, 2009 Share Posted January 23, 2009 Headline says in engadget.com iWork '09 trojan infects at least 20,000 machines. http://www.engadget.com/2009/01/22/iwork-0...hines/#comments Pirated iWork '09 installer may contain trojan horse in macworld.com http://www.macworld.com/article/138380/iworktrojan.html I didn't have iwork09 but as i was reading, i found this and thought someone might need this. sees if you have it at /System/Library/StartupItems for an item named iWorkServices a copy paste of ways to get ride of it from engadget user Aaron To those of you who pirated this software (shame on you): 1. (open Terminal.app) 2. sudo su (enter password) 3. rm -r /System/Library/StartupItems/iWorkServices 4. rm /private/tmp/.iWorkServices 5. rm /usr/bin/iWorkServices 6. rm -r /Library/Receipts/iWorkServices.pkg 7. killall -9 iWorkServices Most of all, don't execute anything that doesn't look legit. Just because something asks for your root password doesn't mean you should just blindly enter it. Link to comment Share on other sites More sharing options...
MGJulius Posted January 23, 2009 Share Posted January 23, 2009 Wow I thought macs could not get viruses XD Just poking fun, thats what people get for downloading pirated software........................*closes torrent program* Link to comment Share on other sites More sharing options...
pyrates Posted January 23, 2009 Share Posted January 23, 2009 Wow I thought macs could not get viruses XD Just poking fun, thats what people get for downloading pirated software........................*closes torrent program* Indeed. I wonder when the fanboi's will come out to say this isn't Apple's fault and is the user's fault instead. Link to comment Share on other sites More sharing options...
Coolin93 Posted January 23, 2009 Share Posted January 23, 2009 IT'S COMING...lol, I knew that those iWork torrents looked to good to be true >.> Link to comment Share on other sites More sharing options...
SpeedfreaK Posted January 23, 2009 Share Posted January 23, 2009 stupid crackers! stop making viruses and trojans for the mac because i don't want to install a freakin' virus scanner on my macs! Link to comment Share on other sites More sharing options...
macita Posted January 23, 2009 Share Posted January 23, 2009 √ The bad thing is that is imbedded in to the installer, so when u type the password for root axxex installer it gains it! √ The problem is that lots of hackers (not crackers) are thinking to OSX! And we cant do nothing....except buy original! But who knows if in a original software u can find a trojan too? See what microsux is doing...lots of spyware! √ Welcome in the digital world! Quite a number of no-goodniks who thought they'd save a few bucks by downloading a pirated version of iWork '09 have gotten more than they'd bargained for -- in the form of a Trojan Horse called OSX.Trojan.iServices.A. This guy installs itself in the computer's startup as root, and once in place it can connect to a remote server and broadcast its location, allowing malicious users to take charge of the machine remotely. And since it has root access to the OS, the trojan can not only install additional components but can also modify existing apps, making this thing extremely difficult to remove. According to a white paper released by Intego, at least 20,000 people may have downloaded the infected software -- which they'll get around to installing as soon as they finish those episodes of Celebrity Rehab they grabbed at the same time. Link to comment Share on other sites More sharing options...
Guest undefined Posted January 23, 2009 Share Posted January 23, 2009 It's kinda stupid to download the cracked installer, since you can freely download trials from Apple website and use a *cough* legit *cough* license code. Link to comment Share on other sites More sharing options...
rathalos Posted January 23, 2009 Share Posted January 23, 2009 thank god i grabbed iwork 09 off apple's sites the hour it was released and grabbed the serial 7 hrs from the keynote... lol.. Link to comment Share on other sites More sharing options...
dweb8888 Posted January 23, 2009 Share Posted January 23, 2009 Now, you see, when in windows I would always install a firewall just to "feel" more secured. Working in OSX these days I don't use firewalls or antivirus apps for obvious reasons, BUT, WHEN DOWNLOADING TORRENT STUFF, HAVING A FIREWALL AND ANTIVIRUS APP IS A MUST. And remember kids, when you download software like that, after you have used it for some 1000 years remember to purchase the software. Those guys need to make a living you know. Link to comment Share on other sites More sharing options...
macita Posted January 23, 2009 Share Posted January 23, 2009 Little snitch is a must!!! Link to comment Share on other sites More sharing options...
lmjabreu Posted January 23, 2009 Share Posted January 23, 2009 Not a virus in the classical meaning of it, it's not as if you're browsing the web, insert a usb drive, etc and bam you're infected. malware app is bundled with 'legit' software, can't prevent that on any OS unless the tracker in question verifies the torrent before making it public. Link to comment Share on other sites More sharing options...
Bob Ajob Posted January 23, 2009 Share Posted January 23, 2009 Some estimates and further thoughts from me on the current situation - Hardware = 20,000 x mostly Modern genuine Apple Mac desktops + few grey Intel PC 'hackintoshes' + maybe very few OSX servers Operating System = Mostly OSX Leopard 10.5.x + few running Tiger 10.4.x + maybe very few others Application = iLife 09 Trojan (Downloaded pirate software from an untrusted source - ftp/usenet/p2p/etc.) 20,000 hits = 20,000 stupid OSX pirates all wanting iLife09 (a nice alternative to OpenOffice and MS Office for Mac) So, quite a successful OSX trojan but still nowhere near as effective as the hundreds of thousands (maybe millions) of infected Windows boxes out there. Next question - Is this worth the black hat bad guys 'wormifying' a population of 20,000 internet-based relatively hard Unix hosts? That is one hell of a botnet leadership control base. I bet the underground race is now on to find and merge this population with a worm that can exploit zero-day (i.e. unpatched) OSX system service vulnerabilities, or perhaps maybe just a few vulnerabilities in Safari or iTunes or other commonly used standard OSX networked applications... I think this might eventually be positive news for Apple. We might see the following - More successful OSX malware, as this trojan sets an example to other black hats that success on OSX is quite possible as more stupid users start to use OSX while the overall market share population slowly increases More effort by black hats trying to help OSX Leopard proliferate on more hardware for free (Universal OSX Leopard LiveDVD coming soon) More anti-malware applications for OSX More publicity (bad news is still news) for OSX and therefore more interest in trying to use it More OSX Leopard usage (Both on genuine hardware and on cheap hackintosh PCs) as interest in OSX rises when users realise it works very nicely alongside (or even with/within) Windows and generally can replace all running functions of Windows effectively through virtualisation software such as sun VirtualBox, Parallels and VMware Fusion, except at the moment videogames, as hardware-accelerated graphics functions are currently difficult to virtualise. Mass takeup of OSX Leopard could happen once the critical mass blooms, as Windows pirates see how much nicer everything is, when provided with a genuinely easy choice... Slightly increased takeup of Linux as another multi-booting, easy-to-install and totally free (legit) operating system alternative that can also run alongside Windows on the same hardware... More retail sales of OSX for Apple, as hackintosh users realise how much more confident they will feel in running a 'clean' system and maybe even an increase in hardware sales as OSX runs on the real thing soooo much easier and maybe even slightly nicer Finally, I dream of the nirvana that would be massively increased success for OSX, as most new Windows videogames could easily be redeveloped to run on OSX, through the 'Cider' and other Wine-like/crossover engines. I like running AOE3, UT2004, Call of Duty 4 and Spore (amongst many others) on OSX Leopard at the moment. If Apple do release a truly 'affordable' updated Mac Mini or iMac with onboard accelerated Nvidia Geforce 3D graphics, then that could be the tipping point for myself and many others to also try out OSX for real... An open-minded Unix, Linux and OSx86 (Hackintosh) advocate who is genuinely agnostic when it comes to hardware and operating systems. Each system has its own strengths, just some are more specialist than others and some are for those with more acquired tastes. I always like to note that the only hardware system for true gamers is the one that natively plays ALL the latest videogames (i.e. none of the above!) so my advice for most people in this current economic climate is - Think of value-for-money, function-over-form, quantity-for-quality ratio (bang-for-buck), invest-to-save and most important of all, sustainable development (in every aspect of life). End rant Link to comment Share on other sites More sharing options...
John the Geek Posted January 23, 2009 Share Posted January 23, 2009 Indeed. I wonder when the fanboi's will come out to say this isn't Apple's fault and is the user's fault instead. You mean, because it isn't Apple's fault and it is the stupid user's fault. Apple cannot prevent you from installing malicious software if you want to. If you run the installer, you give it your password, you let it install. YOU are to blame, not Apple. In a corporate world you could blame the maker of the software for violating your trust, but since this was never anything more than a stolen installer people were (still are?) rushing out to get, people really only have themselves to blame if they installed this. It's quite a SUCKER moment, but that's the way it is. No fanboi required. Link to comment Share on other sites More sharing options...
macita Posted January 23, 2009 Share Posted January 23, 2009 THE SOLUTION IS HERE http://macscan.securemac.com/files/iWorkSe...RemovalTool.dmg Link to comment Share on other sites More sharing options...
John the Geek Posted January 23, 2009 Share Posted January 23, 2009 THE SOLUTION IS HERE http://macscan.securemac.com/files/iWorkSe...RemovalTool.dmg I don't know if I'd trust that either. It's just as mysterious in origin. Link to comment Share on other sites More sharing options...
Master Chief Posted January 23, 2009 Share Posted January 23, 2009 Why bother with illegal software, when you can get it for only $79? I don't know if I'd trust that either. It's just as mysterious in origin. What exactly is it you don't trust? EDIT: I have done some research and this company introduced the software back in 2003 (first written in 2002) so please refrain from stupid little comments like this (it can be held against you in court). Link to comment Share on other sites More sharing options...
Bob Ajob Posted January 23, 2009 Share Posted January 23, 2009 This link was also posted at the macrumors.com site - see where it says update 2. Seems the securemac.com site has been around since 1999 so I would be surprised if it doesn't have at least some level of trust within the mac community? [EDIT] Here is another link from last summer where they were recognised for highlighting another OSX trojan. Link to comment Share on other sites More sharing options...
cmdshft Posted January 23, 2009 Share Posted January 23, 2009 Am I the only one who grabbed a copy of iWork 09 on torrent that wasn't infected? Link to comment Share on other sites More sharing options...
boss4908 Posted January 23, 2009 Share Posted January 23, 2009 )--> QUOTE( @ Jan 22 2009, 10:27 PM) <{POST_SNAPBACK}> Headline says in engadget.com iWork '09 trojan infects at least 20,000 machines. http://www.engadget.com/2009/01/22/iwork-0...hines/#comments Pirated iWork '09 installer may contain trojan horse in macworld.com http://www.macworld.com/article/138380/iworktrojan.html I didn't have iwork09 but as i was reading, i found this and thought someone might need this. sees if you have it at /System/Library/StartupItems for an item named iWorkServices a copy paste of ways to get ride of it from engadget user Aaron I am new to the Mac world and love it. I have been a windows fan from '95 and dos before that. What I hate is the fact that with windows all you have to do is visit a site and get infected. This is not a flaw in the system just a flaw in the way WE use it. If you buy software off the shelf or the original software site you have nothing to worry about. If you download a torent you better have protection. This makes the ability to install and update your Hack from the official site so important. Thanks all. Just my thoughts. Thanks Apple. Link to comment Share on other sites More sharing options...
inimicus Posted January 23, 2009 Share Posted January 23, 2009 Apple is responsible for me entering an administrator password in a malicious installer. Apple is responsible for me entering an administrator password with the command rm -rf /. Damn Apple to hell! Link to comment Share on other sites More sharing options...
gama472 Posted January 23, 2009 Share Posted January 23, 2009 mmm... seems that ill have to change to linux... (god i just finished my hackickintosh) Link to comment Share on other sites More sharing options...
cparm Posted January 23, 2009 Share Posted January 23, 2009 well, so the lesson is: "DON'T DOWNLOAD WAREZ OR PIRATED SOFTWARE" Link to comment Share on other sites More sharing options...
Boombeng Posted January 23, 2009 Share Posted January 23, 2009 Am I the only one who grabbed a copy of iWork 09 on torrent that wasn't infected? No Link to comment Share on other sites More sharing options...
cabron Posted January 24, 2009 Share Posted January 24, 2009 well done iwork 09 is a must and worthly upgrade/buy by the way, i'm clean this bundle (keynote and pages, numbers too) has been a lot useful to me in the last years Link to comment Share on other sites More sharing options...
andia Posted January 24, 2009 Share Posted January 24, 2009 wtf???!!!! Link to comment Share on other sites More sharing options...
Recommended Posts