Trojan Hides In Pirated Copies of Apple iWork '09
CWmike writes "Pirated copies of Apple's new iWork '09 suite that are now available on file-sharing sites contain a Trojan horse that hijacks Macs and leaves them open to further attack, a security company said yesterday. The 'iServices.a' Trojan hitchhikes on iWork '09's installer, said Intego, which makes Mac security software. 'The installer for the Trojan horse is launched as soon as a user begins the installation of iWork, following the installer's request of an administrator password,' Intego said in a warning. Once installed, the Trojan "phones home" to a malicious server to notify the hacker that the Mac has been compromised, and to await instructions."
Faster! Faster! Faster would be better!
Sometimes I wonder if companies that create security software aren't sometimes guilty of either creating or funding the creation of viruses, trojans, worms, &c. simply to justify their own existence.
Is that cynical?
Since when does a PEBKAC error count as news? If you're idiot enough to install pirated software then you deserve what you get - and absolutely nobody can protect a computer system against user stupidity.
Power does not corrupt - power attracts the corrupt.
This requires user action and piracy. No one can -ever- claim that -any- computer is safe from, essentially, social engineering.
If Apple were evil they could deliberately put hacked versions onto filesharing sites. More seriously, this is a good example of why even pirating software is really not a good idea. Unless you know exactly who you are downloading from you don't know what you are getting. Very little commercial software has nice little checksums or hashes that are easily available for you to verify. Downloading pirated software is a bit like having unprotected sex with a stranger. It might feel real good now, but you are going to regret it later.
Who's talking about a virus? I don't see ANYTHING about a virus. I DO see a story about a TROJAN. Whole different ball of wax there. No system EVER will be secure from a trojan, since for a trojan to work the USER has to willingly give his admin password to install it.
"Slashdot, where telling the truth is overrated but lying is insightful."
I don't think anyone would blame Microsoft for user-installed malware. It's when you get something simply by going to a website, clicking a link, mounting a drive, or even just hooking it up to the internet that can be blamed on lousy code. When malicious nasties get onto OS X by any of the above with no real action on the user's part, then we can all blame Apple just like we blamed Microsoft. Until then, it's just a PEBKAC issue.
>This requires user action and piracy.
So does 99.99% of windows malware.
>No one can -ever- claim that -any- computer is safe from, essentially, social engineering.
Again right. But what's the solution? That is the real question.
Because this is the ecosystem microsoft lives in, we've seen what they're trying... digital signatures on drivers, the inability to put admin items in your startup, UAC prompts... etc, etc.
What is Apple going to do in response to the inevitable arrival of social-engineering malware as it gains marketshare?
What is Linux going to do if/when it achieves enough marketshare among joe-sixpacks for social engineering to be profitable?
As much as /. likes to take shots at Microsoft, what would you do better? *nix security is just as vulnerable to social engineering as windows is, given the same users.
Just this week.
A worm differs from a virus only in so much that it doesn't need to copy itself into a system program. For all intents and purposes however, the difference between the two terms is antiquated.
Javascript + Nintendo DSi = DSiCade
>So does 99.99% of windows malware.
Somehow I doubt that Windows worms and exploits only make up .001% of all Windows malware. The old lsass exploit (yeah, I know you remember) was pretty widespread and only required an internet connection and an unpatched Windows 2000/maybe XP machine. ...But it was only a part of the .001% of non-user interactive malware that your statistics seem to assert.
They don't encourage users NOT to install... they simply don't hawk the virus software as a crutch to avoid good common sense. That's not to say that Windows (or more specifically Microsoft) does, it's just the nature of the OS itself that dictates what might be vs. what might not be.
You can safely say that, out of the box, Apple's OS is safer than Microsoft's (and you can make up your own reasons why), and this particular "virus" (it's a trojan, not a virus) isn't related to a vulnerability in the OS. It's related to a vulnerability in a trusting user. It's vastly different than an exploit that antivirus programs are designed to watch for. No antivirus would protect someone from this, unless it was known already as a trojan (then an update would have to show up, etc.) But you begin to see the fallacy of blaming Apple for social engineering. Educating the novices of ANY OS is something we should be doing, rather than trying to have a pissing contest between Jobs and Ballmer.
It's the Stay-Puft Marshmallow Man.
Software programs downloaded from third-party pirate sites can contain trojans.
Film at 11!
It's not like trojans are unusual, they are commonplace, and a risk for every computer user who thinks about running things from untrusted sources.
Note to keygen creators: I do not want to hear your brother's crappy techno remixes when using your app. Is there some way I can pay you to disable this feature?
Erm, you can indeed. You can pay money to buy a legit serial number - voila - no crappy techno music.
-Em
RelevantElephants: A Somatic WebComic...
Go learn about the difference between a virus and a trojan.
>complete with virii and rootkits.
Argh. Please don't say "virii", even ironically. It encourages idiots.
Not to troll, but as far as I'm concerned anyone who pirates software deserves it...
Any sect, cult, or religion will legislate its creed into law if it acquires the political power to do so.
I am using Ubuntu and pretty sure this kind of trojan wouldn't work! Mac has a pretty "case" with nice looking silver color but I don't think the OS and software parts are good enough, so Mac is not my cup of tea.
This requires someone to install. You can easily receive a trojan via a .run script or installer binary for commercial or closed source software without knowing. It only requires root access, which you grant when you install the software. Think of the vmware workstation installer. This is no different from any unix based OS. I can't believe you think Ubuntu is any more protected. Learn a little.
Is this a virus?
Didn't think so.
This is social engineering at its finest - an untrusted source, launching executable code (via user action) and gaining elevated privileges (via user input of password).
Welcome to any operating system's severe vulnerability to attack.
Still no viruses on OS X though, beyond that proof of concept thing a while back. Still, 1 versus.... how many on Windows? So many you *require* a dedicated third party app to bog down your system and act as doctor, surgeon and nurse to keep the machine clean?
I'll take OS X thanks.
Also, don't steal software. You're just asking for trouble. This isn't the first time that OS X has been targeted with dodgy copies of software from download sites - I seem to remember an app that claimed to be the MS Office for Mac installer that did nothing except delete the contents of your home folder.
Moral of the story again: Untrusted code could do anything. Don't download copied software.
Perhaps, but then they will get what's coming to them - they take the risk by getting their software from shady sites.
There's a much higher percentage of Mac users who *do* pay for their software though, so this just won't affect them.
It's only $80 or something for iWork. If you really need it, you can afford to buy it (and don't give me that "some people are so poor" crap - if you can buy a computer, you can budget for the software to run on it).
I'm part of teh evil content industry. If one of my games wrecks your PC, you can sue me. You can track me down easily from my registered company name and bring court proceedings for damages.
Now try doing that to an anonymous cracker from eastern Europe.
The fact that I know I am legally responsible for the software I sell means I make damn sure there is nothing dodgy in it. This is the opposite incentive for pirates.
An example might be the cracked copy of Democracy 2. It crashes when you win the election, apparently. This isn't in the full version, and is likely a side effect of their crack. What else their crack does I would not like to speculate on, but I sure as hell don't think it's worth risking that they are trustworthy guys to save myself twenty bucks.
DRM-free indie games for the PC and Mac: Positech Games
I just wish someone would do this for the Linux world. I've tried nearly every ISO download under "Applications -> Unix" on The Pirate Bay, but everything seems to be *legal*.
Why then does OpenOffice.org tell us not to use versions which are not from their very own server? Legal does not mean free of malware add-ons.
The truth is: OpenSource makes it easier to attach malware to a download.
Note that I am all in favour of OpenSource - but one should not close his / her eyes from the downside.
That was exactly my point. It's a trojan that relies on social engineering to defeat system security, and that's not unique to any one operating system, Windows, Mac or even your favourite flavour of Linux if you're in the market of using dodgy packages.
I didn't mention anything about porn or music.
The installation of this virus still requires the user to authorise it to do so by entering an admin password. It's far different than many Windows worms which can infect simply by the built-in autorun feature of windows which will feed a worm into your machine as soon as you stick in a USB or floppy inside your box. Macs do have protections from viruses that Windows does not, but like any protection, if you give the vampire entrance, it's all over.
>So many you *require* a dedicated third party app
What? Let me fix that for you.
So many you *require* a dedicated third party apps
That's more like it.
Can I bum a sig?
Yes, you could make a "Vubuntu - Ubuntu with Virus edition". But then, how do you get people to download it ?
If you said it protected your bittorrenting from 'The Man' or hid your porn from your mom someone would download it.
Mac users who want a given program are MUCH more likely to actually PAY for their software than those too cheap to buy a decent quality computer.
As opposed to non-Mac users, who are MUCH more likely to actually find FREE (or CHEAP) alternatives than those too stupid to buy a decent quality computer without overpaying out the wazoo.
I don't. And I don't plan on pirating it, either. Perhaps you high-powered graphics designers need the full-blown Photoshop, but I'm fine with GIMP.
(No, I don't want to start a GIMP-vs-Photoshop flame war. I fully realise that some people won't accept GIMP as a substitute, either because they've already paid for and learned Photoshop or because they're one of the rare people – graphics designers or what-have-you – who needs certain features that GIMP doesn't support. I'm just pointing out that probably most average people, like myself, can manage just fine with GIMP, so why go the illegal route?)
Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
>This is social engineering at its finest - an untrusted source, launching executable code (via user action
That's what a trojan is. It's a program claiming to be one thing but is another.
That's exactly how all the Windows botnets have been built. People downloading fake codecs, fake flash installers, fake AVs, torrented malware, etc. Granted, there are more viruses and worms for windows, but most, if not 90%, of windows infections come from the same exact method that happened here. A windows user installing malware. I can't remember the last time I had to deal with a real virus. Everything is a trojan horse now.
>Still no viruses on OS X though, beyond that proof of concept thing a while back
OSX is 100% as vulnerable as Windows in this regard. Now that OSX machines have large numbers expect more of this. Innocence is over. If this keeps up you will be running an AV. It will be irresponsible of you not to.
>Also, don't steal software. You're just asking for trouble.
Hahaahahaha. That's what we've been telling windows users for years. They still visit mininova and install "Nero8-cracked" and wonder why their machine is a mess.
No, no, no. Virii in Linux world work on the honor system. You randomly delete a dozen of your files and mail the virus on to everyone in your address book.
More likely it would be fully automated, however it would be delivered as a source tarball, and you'd have to un-tar it, change some file permissions, configure it, compile it, install it, and write a script to start it on boot.
Of course, the first time it runs it would fail, and you'd have to examine the log file, post the error message on a forum, wade through the "RTFM" responses to find a helpful one, use the helpful response to tweak a config file in /etc/virii, and then you're off.
>That was exactly my point. It's a trojan that relies on social engineering to defeat system security, and that's not unique to any one operating system, Windows, Mac or even your favourite flavour of Linux if you're in the market of using dodgy packages.
>I didn't mention anything about porn or music.
Packages? What about all the random source blobs on the net? Those are usually trusted, and complex enough to hide anything you wanted. A nice juicy OSS Windows Media codec, an Exchange plugin, cool utility, whatever. Beauty of it is trojaning a build system is so much easier to do than an actual app. Although, you could crap out absolutely anything on the other end, and just fail in some obscure way. A hideous GUI slapped together in a few minutes will blend right in with real OSS, so will a broken CLI app.
How often do OSS users compile crap and shrug when the build system breaks? Or just give up when the product fails to work. That's gold to a trojan author.
It comes down to trust, and the Linux community already has a LOT of it. Imagine if it becomes more mainstream, and you have to deal with the type of users that think "Free IM icons.exe" is a good idea.
PS
Don't BS me with 'but, the trojan will be restricted to my home directory', because it could add "~/.mozilla/bin" to your PATH in the blink of an eye (or some evil aliases in your profile), and I'll put money down on you running a trojaned sudo or gksu before discovering what happened. It's all about trust.
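A defender's check for the two tricks this comment describes (a home-directory PATH entry and a profile alias that shadow sudo or gksu), as an added example that is not part of the original thread. The function names, the command list and the temporary-directory sample layout are assumptions made for illustration.

```python
import os
import re
import tempfile

# Commands worth impersonating; sudo and gksu are the ones the comment names.
SENSITIVE = ("sudo", "gksu", "su")
# Matches `alias name=` and `name() {` definitions (other forms are not covered).
DEFINITION = re.compile(r"^\s*(?:alias\s+([\w-]+)=|([\w-]+)\s*\(\))")

def shadowing_path_entries(path_value, home):
    """Return (directory, command) where a directory under `home` is the
    first PATH entry that supplies a sensitive command."""
    home = os.path.realpath(home)
    findings, resolved = [], set()
    for entry in path_value.split(os.pathsep):
        if not entry:
            continue
        if entry.startswith("~/"):  # a literal ~/ entry may be honoured by the shell
            entry = home + entry[1:]
        directory = os.path.realpath(entry)
        for cmd in SENSITIVE:
            candidate = os.path.join(directory, cmd)
            if cmd in resolved or not (os.path.isfile(candidate) and os.access(candidate, os.X_OK)):
                continue
            resolved.add(cmd)  # later PATH entries are never consulted for this command
            if os.path.commonpath([home, directory]) == home:
                findings.append((directory, cmd))
    return findings

def shadowing_definitions(profile_text):
    """Return (line number, name) for aliases/functions that redefine a sensitive command."""
    hits = []
    for lineno, line in enumerate(profile_text.splitlines(), 1):
        match = DEFINITION.match(line)
        name = match and (match.group(1) or match.group(2))
        if name in SENSITIVE:
            hits.append((lineno, name))
    return hits

def demo():
    """Constructed layout: a fake sudo under ~/.mozilla/bin ahead of a stand-in system dir."""
    with tempfile.TemporaryDirectory() as home, tempfile.TemporaryDirectory() as system:
        planted = os.path.join(home, ".mozilla", "bin")
        os.makedirs(planted)
        for directory in (planted, system):
            with open(os.path.join(directory, "sudo"), "w") as fh:
                fh.write("#!/bin/sh\n")
            os.chmod(os.path.join(directory, "sudo"), 0o755)
        path_value = os.pathsep.join(["~/.mozilla/bin", system])
        return [cmd for _, cmd in shadowing_path_entries(path_value, home)]

if __name__ == "__main__":
    print(demo())
    print(shadowing_definitions("export EDITOR=vi\nalias sudo='~/.mozilla/bin/sudo'\n"))
```

On a real account, pass `os.environ["PATH"]`, the user's home directory and the contents of files such as `~/.profile` or `~/.bashrc`; a home-directory entry that resolves `sudo` before the system directory is the condition to investigate.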