^_^

iWork '09 trojan beware!

99 posts in this topic


http://i.gizmodo.com/5137161/torrented-cop...sty-os-x-trojan

Torrented Copies of iWork '09 Come Laced With a Nasty OS X Trojan

By John Mahoney, 3:20 PM on Thu Jan 22 2009, 19,111 views

 

This may be a first for the Mac software world, and it's not cool at all: ill-gotten copies of iWork '09 circulating on Torrent sites contain OSX.Trojan.iServices.A, which is something you don't want.

 

The Trojan parks itself in your /System/Library/StartupItems folder with read-write-execute root privileges—from there it can phone home to a remote server and install additional nasties throughout your system. Right now, the only true fix is a full format and re-install, since its residual pieces can be spread far and wide. You can spot if your particular warez iWork is infected by searching for the iWorkServices.pkg inside the installer.

 

osxtrojan_iwork.png

 

It was spotted by security software company Intego, who have identified several OS X security threats in the past. But as far as I can tell, this is the first one to come piggybacking along with a popular software package many people are pirating (Intego says 20,000 downloads).

 

If you're in the demographic of folks pirating iWork '09 via BitTorrent, chances are this is as close as you'll come to getting VD from an ill-advised Southeast-Asian sex-professional liaison (the online equivalent). Still, not a good precedent to set. [intego]

Removal:

http://net-security.org/malware_news.php?id=1029

http://net-security.org/software.php?id=732

http://www.net-security.org/dl/software/iWorkServicesTrojanRemovalTool.dmg

8db9ea54.png

 

safe iWork*.mpkg :)

iWork09pkg_retail.png

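A Terminal check for the two indicators the article quoted above names (the iWorkServices item under /System/Library/StartupItems and iWorkServices.pkg inside the installer), added here as an example; it is not part of any post in this thread and is not the removal tool linked above. The function names and the optional volume-root argument (so a suspect disk can be inspected from a known-good system) are assumptions of this example.

```sh
#!/bin/sh
# Added example: look for the two iWorkServices indicators named in the article.
# Usage (paths are placeholders): sh check_iworkservices.sh / /path/to/installer.mpkg

STARTUP_ITEM_REL="System/Library/StartupItems/iWorkServices"
PAYLOAD_PKG="iWorkServices.pkg"

# check_installer DIR
# Search an installer bundle (or a mounted disk image) for the extra sub-package.
# -iname is used because the default Mac file system is case-insensitive.
# Returns 0 if the package is present, 1 if absent, 2 if DIR is not a directory.
check_installer() {
    ci_bundle=$1
    if [ ! -d "$ci_bundle" ]; then
        echo "not a directory: $ci_bundle" >&2
        return 2
    fi
    ci_hits=$(find "$ci_bundle" -iname "$PAYLOAD_PKG" -print 2>/dev/null)
    if [ -n "$ci_hits" ]; then
        printf '%s\n' "$ci_hits"
        return 0
    fi
    return 1
}

# check_system [ROOT]
# Look for the startup item under a volume root: "/" for the running system,
# or the mount point of a suspect disk attached to a clean machine.
# Prints owner and mode of the item when present. Returns 0 if present, else 1.
check_system() {
    cs_root=${1:-/}
    cs_item="${cs_root%/}/$STARTUP_ITEM_REL"
    if [ -e "$cs_item" ] || [ -L "$cs_item" ]; then
        ls -ld "$cs_item"
        return 0
    fi
    return 1
}

# scan ROOT [INSTALLER]
# Run both checks and return the number of indicators found (0, 1 or 2).
scan() {
    sc_found=0
    if check_system "$1"; then
        echo "FOUND: startup item under $1"
        sc_found=$((sc_found + 1))
    fi
    if [ -n "${2:-}" ] && check_installer "$2"; then
        echo "FOUND: $PAYLOAD_PKG inside $2"
        sc_found=$((sc_found + 1))
    fi
    echo "indicators found: $sc_found"
    return "$sc_found"
}

# Only scan when arguments are given, so the file can also be sourced.
if [ "$#" -gt 0 ]; then
    scan "$@"
fi
```

A result of zero only means these two indicators are absent; as the article notes, the trojan can install further components elsewhere on the system.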

As others have expressed, it is unfortunate that the scum would have done this, but it really was inevitable, as Apple's market share increased.

 

Fortunately it only affected ill-gotten copies of software, and was not attached to anything legitimate as what happens to Windows users on a daily basis even with firewalls and virus scanners on full alert.

 

The lesson I am taking away from this is to be wary of what software installers I hand over my administrator password to. Of course you gotta watch out for this with Windows too.... oh wait...

What exactly is it you don't trust?

 

EDIT: I have done some research and this company introduced the software back in 2003 (first written in 2002) so please refrain from stupid little comments like this (it can be held against you in court).

 

What the hell are you talking about? You're going to take me to court? <comment deleted by mod for foul language/flaming>

 

 

*sigh*

 

An exploit that requires you to grant it root access is NOT an exploit.

 

In the sense that you're exploiting the user's trust, perhaps. But agreed. Not a Mac OS X exploit in the technical sense.


Much Ado About Nothing:

i built a hackintosh for 3 reasons; i. it's challenging and fun and i enjoy the community enthusiast interaction, ii it's easy to get software, and iii. i refuse to have apple dictate to me how i can use my software or machine, much less what kind of machine i can purchase.

 

but if you're going to go through the trouble of building something yourself get used to the occasional {censored} encounter like this one. but in all the years of building my own 'macs' and 'windows' machines with all kinds of software, i can count on one hand the number of times something truly major has happened to one of my systems, i.e. trojans, spyware, viruses, etc...

 

you have to use common sense/protection when you're doing this kind of thing. if this is too much for you, go buy a mac in the store. :)

 

personally, i'll stick with my hackintosh thank you.

 

dell studio 1737

Core 2 Duo T9400

4GB DDR2 800

2X320GB HD

iDeneb v.1.3 10.5.5


Everyone has always loved Apple computers because they have fewer viruses/trojans/spyware... Looks like that is changing as their popularity soars... Then again, Torrents and other illegal downloads have always been well known as carriers of malicious software of all kinds. Let's just be thankful they caught it and are trying to fix it! :(


Has anyone noticed that securemac.com's website is down, they say they are moving to a new server. Sounds like they got a lot of publicity from this trojan.

What the hell are you talking about? You're going to take me to court? <comment deleted by mod for foul language/flaming>

 

Relax man! Just think, twice, before you hit that button :thumbsup_anim:

 

Has anyone noticed that securemac.com's website is down, they say they are moving to a new server. Sounds like they got a lot of publicity from this trojan.

 

Yeah, we tech writers did cause a bunch of traffic, unexpected to some.

Now, you see, when in windows I would always install a firewall just to "feel" more secured. Working in OSX these days I don't use firewalls or antivirus apps for obvious reasons, BUT, WHEN DOWNLOADING TORRENT STUFF, HAVING A FIREWALL AND ANTIVIRUS APP IS A MUST. And remember kids, when you download software like that, after you have used it for some 1000 years remember to purchase the software. Those guys need to make a living you know. :)

 

OS X has a built in firewall. Has for years.

 

Little snitch is a must!!!

 

If something has root access, it can disable little snitch without you knowing it.

 

;)

 

You mean, because it isn't Apple's fault and it is the stupid user's fault.

 

Apple cannot prevent you from installing malicious software if you want to. If you run the installer, you give it your password, you let it install. YOU are to blame, not Apple.

 

In a corporate world you could blame the maker of the software for violating your trust, but since this was never anything more than a stolen installer people were (still are?) rushing out to get, people really only have themselves to blame if they installed this. It's quite a SUCKER moment, but that's the way it is.

 

No fanboi required.

 

Ok, let's replace Apple with Microsoft here.

 

:blink:

 

You mean, because it isn't Microsoft's fault and it is the stupid user's fault.

 

Microsoft cannot prevent you from installing malicious software if you want to. If you run the installer, you give it your password, you let it install. YOU are to blame, not Microsoft.

 

In a corporate world you could blame the maker of the software for violating your trust, but since this was never anything more than a stolen installer people were (still are?) rushing out to get, people really only have themselves to blame if they installed this. It's quite a SUCKER moment, but that's the way it is.

 

No fanboi required.

 

Some estimates and further thoughts from me on the current situation -
  • Hardware = 20,000 x mostly Modern genuine Apple Mac desktops + few grey Intel PC 'hackintoshes' + maybe very few OSX servers
  • Operating System = Mostly OSX Leopard 10.5.x + few running Tiger 10.4.x + maybe very few others
  • Application = iLife 09 Trojan (Downloaded pirate software from an untrusted source - ftp/usenet/p2p/etc.)
  • 20,000 hits = 20,000 stupid OSX pirates all wanting iLife09 (a nice alternative to OpenOffice and MS Office for Mac)

So, quite a successful OSX trojan but still nowhere near as effective as the hundreds of thousands (maybe millions) of infected Windows boxes out there. Next question - Is this worth the black hat bad guys 'wormifying' a population of 20,000 internet-based relatively hard Unix hosts? That is one hell of a botnet leadership control base. I bet the underground race is now on to find and merge this population with a worm that can exploit zero-day (i.e. unpatched) OSX system service vulnerabilities, or perhaps maybe just a few vulnerabilities in Safari or iTunes or other commonly used standard OSX networked applications...

 

I think this might eventually be positive news for Apple. We might see the following -

  • More successful OSX malware, as this trojan sets an example to other black hats that success on OSX is quite possible as more stupid users start to use OSX while the overall market share population slowly increases
  • More effort by black hats trying to help OSX Leopard proliferate on more hardware for free (Universal OSX Leopard LiveDVD coming soon)
  • More anti-malware applications for OSX
  • More publicity (bad news is still news) for OSX and therefore more interest in trying to use it
  • More OSX Leopard usage (Both on genuine hardware and on cheap hackintosh PCs) as interest in OSX rises when users realise it works very nicely alongside (or even with/within) Windows and generally can replace all running functions of Windows effectively through virtualisation software such as sun VirtualBox, Parallels and VMware Fusion, except at the moment videogames, as hardware-accelerated graphics functions are currently difficult to virtualise.
  • Mass takeup of OSX Leopard could happen once the critical mass blooms, as Windows pirates see how much nicer everything is, when provided with a genuinely easy choice...
  • Slightly increased takeup of Linux as another multi-booting, easy-to-install and totally free (legit) operating system alternative that can also run alongside Windows on the same hardware...
  • More retail sales of OSX for Apple, as hackintosh users realise how much more confident they will feel in running a 'clean' system and maybe even an increase in hardware sales as OSX runs on the real thing soooo much easier and maybe even slightly nicer :)

Finally, I dream of the nirvana that would be massively increased success for OSX, as most new Windows videogames could easily be redeveloped to run on OSX, through the 'Cider' and other Wine-like/crossover engines. I like running AOE3, UT2004, Call of Duty 4 and Spore (amongst many others) on OSX Leopard at the moment. If Apple do release a truly 'affordable' updated Mac Mini or iMac with onboard accelerated Nvidia Geforce 3D graphics, then that could be the tipping point for myself and many others to also try out OSX for real...

 

An open-minded Unix, Linux and OSx86 (Hackintosh) advocate who is genuinely agnostic when it comes to hardware and operating systems. Each system has its own strengths, just some are more specialist than others and some are for those with more acquired tastes. I always like to note that the only hardware system for true gamers is the one that natively plays ALL the latest videogames (i.e. none of the above!) so my advice for most people in this current economic climate is -

 

Think of value-for-money, function-over-form, quantity-for-quality ratio (bang-for-buck), invest-to-save and most important of all, sustainable development (in every aspect of life).

 

End rant :)

 

Everything has a beginning remember.

 

QUOTE(^_^ @ Jan 22 2009, 10:27 PM)

promo_iwork09.jpg

 

Headline says in engadget.com

iWork '09 trojan infects at least 20,000 machines.

 

http://www.engadget.com/2009/01/22/iwork-0...hines/#comments

 

Pirated iWork '09 installer may contain trojan horse

in macworld.com

 

http://www.macworld.com/article/138380/iworktrojan.html

 

I didn't have iwork09 but as i was reading, i found this and thought someone might need this.

 

sees if you have it at /System/Library/StartupItems for an item named iWorkServices

 

a copy paste of ways to get rid of it from engadget user Aaron

 

I am new to the Mac world and love it. I have been a Windows fan from '95 and DOS before that. What I hate is the fact that with Windows all you have to do is visit a site and get infected. This is not a flaw in the system just a flaw in the way WE use it. If you buy software off the shelf or the original software site you have nothing to worry about. If you download a torrent you better have protection. This makes the ability to install and update your Hack from the official site so important. Thanks all. Just my thoughts. Thanks Apple.

 

Once a system is compromised, you can never know it is truly clean until you wipe it clean and start over restoring from a known good backup. And that visit a site and get infected is not limited to windows, see here. Don't bother trying to clean it, and instead wipe it clean. Then you'll know it's clean.

 

*sigh*

 

An exploit that requires you to grant it root access is NOT an exploit.

 

Correct. I'll remember that the next time a trojan is released for Windows Vista and has to ask you for permission. Oh wait, it already has, known as Antivirus 2009, where it asks you to install by entering in your password if you're a regular user and if you're an admin, you have to confirm it by clicking continue.

 

Everyone has always loved Apple computers because they have fewer viruses/trojans/spyware... Looks like that is changing as their popularity soars... Then again, Torrents and other illegal downloads have always been well known as carriers of malicious software of all kinds. Let's just be thankful they caught it and are trying to fix it! ;)

 

You can't fix user stupidity.

{censored}.

this sucks.

anyone know what torrent it was that was infected? (don't post a link but u can say the name and what site it was from)

 

Just check if you got it installed. Link was in the article posted. If it is, your fault for installing pirated software. And it's time to wipe your system clean and restore from a known good back up.


I just installed one of iWork copies of D--oid that says have no trojan. And then run the trojan remover huh it said there was no trojan :) Apple Good, Good Apple :)

I just installed one of iWork copies of D--oid that says have no trojan. And then run the trojan remover huh it said there was no trojan :) Apple Good, Good Apple :P

 

Did you manually check if the trojan was installed? See the link in the article on how to do that. You have to use terminal to do that.

Indeed. I wonder when the fanboi's will come out to say this isn't Apple's fault and is the user's fault instead.

 

I'm not quite a fanboi, but let's look at the facts here:

 

1. Someone downloaded something illegally.

 

2. That same someone installs said something he downloaded illegally.

 

3. That install from said someone who downloaded something illegally is bugged and installs a Trojan onto the system.

 

This is Apple's fault somehow??? Now if it came from an actual purchased CD, I can make a case for it being Apple's fault. Plus, come on--this is 79 bucks here. It isn't the $9,000 Photoshop suite or the $3,000,000 Office suite (figures inflated for hyperbole).

 

It's the same thing with most Windows viruses. Stop watching porn and stop downloading software illegally and things like this might not happen to you.

Did you manually check if the trojan was installed? See the link in the article on how to do that. You have to use terminal to do that.

Nope a program called iWorkServices Trojan Remover Tool that was mentioned here. -_-


I have the perfect solution. Just run this app below. You run it, enter your root password, then enter your credit card number, and it "checks to see if you have the virus" and if you do, it "removes it" for you, for free. No really!

 

It's totally safe, my friend Larry said so and he's been around since 1988.

 

Here's the app:

 

This app isn't sinister at all.app

 

Oh, and if there's anything wrong with the app, you should blame Apple, because clearly it's their fault.

 

=)

I have the perfect solution. Just run this app below. You run it, enter your root password, then enter your credit card number, and it "checks to see if you have the virus" and if you do, it "removes it" for you, for free. No really!

 

It's totally safe, my friend Larry said so and he's been around since 1988.

 

Here's the app:

 

This app isn't sinister at all.app

 

Oh, and if there's anything wrong with the app, you should blame Apple, because clearly it's their fault.

 

=)

 

Lol I loved that. :)

I'm not quite a fanboi, but let's look at the facts here:

 

1. Someone downloaded something illegally.

 

2. That same someone installs said something he downloaded illegally.

 

3. That install from said someone who downloaded something illegally is bugged and installs a Trojan onto the system.

 

This is Apple's fault somehow??? Now if it came from an actual purchased CD, I can make a case for it being Apple's fault. Plus, come on--this is 79 bucks here. It isn't the $9,000 Photoshop suite or the $3,000,000 Office suite (figures inflated for hyperbole).

 

It's the same thing with most Windows viruses. Stop watching porn and stop downloading software illegally and things like this might not happen to you.

 

lol you can't detect sarcasm it seems :( Because as this has happened in the past to users of Windows who would get a trojan like this through the exact same kind of method, Apple fanboi's would blame Microsoft instead of the end user.

 

But Apple has shipped out a paid product itself that had a virus before. But instead of admitting full blame first, they took a jab at windows and then admitted blame, which shows their level of maturity. The reaction from Apple fanboi's? Let's blame Microsoft instead of Apple.

 

Nope a program called iWorkServices Trojan Remover Tool that was mentioned here. :P

 

So you then admit to downloading pirated software? *reports to spa* j/k :D

So you then admit to downloading pirated software? *reports to spa* j/k :)

 

Lol but everybody does.. Omg lol I'm speechless :P And since people pay a lot for macbook and kind. Apple should close eyes for this :P


It was bound to happen with all the "no viruses/malware" ads Apple has been throwing out. They literally have been waving the red flag in front of the bull. It's just that the bulls weren't too interested in less than 5% of the population. ;)

 

Moral of the story: Never EVER promote your operating system by marketing it as "Virus/Malware impossible". With all the user stupidity out there, it is bound to bite back. 99.9% of virus/malware infection cases I've encountered is a classic case of PEBKAC (problem exists between keyboard and chair). :)


Identity theft. Some get hit financially, some have friendships sabotaged. I was wrongly blamed for deleting thousands of posts on an msn forum and received death threats from angry users. I then got a hardware firewall, reformatted and purchased XP (it was a secondhand computer; I had assumed installing anti virus, etc, etc, would be enough to flush out trojans and keyloggers, etc, etc). I felt sure at some point an anti virus product would come out with signatures from all software companies of what their untainted retail software should look like. Didn't happen. Then I read about root kits and... bloody hell. My computer's resources were bogged down with security products, my mind bogged down with the evil scare tactics of security companies.

 

I hated fanboy snobbery and the virus-free smugness of many Mac users, it was creepy. Even the 'I'm a Mac and I'm a PC' ads didn't fully change that climate. JAS' Tiger distros sparked a lot of interest in the Mac platform from people who, otherwise, would never even remotely have thought of using the snobbish Mac platform; student take up on hackintoshes led to a loyal base who then, largely, when they got jobs, bought Mac hardware. The best unsanctioned guerrilla marketing campaign of all time. In terms of aesthetics, time saved and unique aftersales service, you come to appreciate that Macs are worth the annoying price premium. I have a first generation Mac Mini and am frustrated that there hasn't been a third generation product line refresh. I was looking forward to it coming bundled with iLife09.

 

This mess, which would have been much worse if we were talking about the massively popular iLife suite, should do sales of Apple software a great service. Possibly there are student deals that I am unaware of but, for $169, you can buy the Mac Box Set, which comprises of single user editions of iWork09, iLife09 and Leopard. For $229 you can get the family pack version. I know money is tight but blanket trust and stupidity is much more costly.

EDIT: I have done some research and this company introduced the software back in 2003 (first written in 2002) so please refrain from stupid little comments like this (it can be held against you in court).

 

People are free to express whatever opinions they wish about a company. Microsoft released their first stuff back in the late 1970's - think that stops anyone from bashing them?
