Trojan Hides In Pirated Copies of Apple iWork '09

CWmike writes "Pirated copies of Apple's new iWork '09 suite that are now available on file-sharing sites contain a Trojan horse that hijacks Macs and leaves them open to further attack, a security company said yesterday. The 'iServices.a' Trojan hitchhikes on iWork '09's installer, said Intego, which makes Mac security software. 'The installer for the Trojan horse is launched as soon as a user begins the installation of iWork, following the installer's request of an administrator password,' Intego said in a warning. Once installed, the Trojan "phones home" to a malicious server to notify the hacker that the Mac has been compromised, and to await instructions."

Why not download directly from Apple?

[WiiVault]

I don't steal software, ever, but it is a well known fact (among Mac users) that iWork can be downloaded direct from Apple. All it takes is a valid serial number and you are ready to go. Why the heck would anybody bother firing up a torrent?

Re:Not that I condone piracy but

[Firehed]

Not that I'd ever use a keygen or anything, but that's definitely only a Windows problem. From what I *cough* hear, most apps are either pre-cracked, have a drag-and-drop crack (how Mac-like), or just need any of a hundred serials floating around with no further mess.

(Actually, I think all of my software is totally legit except for Photoshop, and I plan to buy it eventually)

Re:Not that I condone piracy but

[djupedal]

Apple removed serial number requirements from iWork '09 - just install for the CD and go.

Now, explain again how to use a sn with a crippled trail, please...

Re:Nice of them to tell you how to remove it.

[nawcom]

Their alert, unlike every other antivirus company alert, does not tell you how to remove the trojan.

Nice.

sudo -s (enter password)
rm -r /System/Library/StartupItems/iWorkServices
rm /private/tmp/.iWorkServices
rm /usr/bin/iWorkServices
rm -r /Library/Receipts/iWorkServices.pkg
killall -9 iWorkServices