Trojan Hides In Pirated Copies of Apple iWork '09
CWmike writes "Pirated copies of Apple's new iWork '09 suite that are now available on file-sharing sites contain a Trojan horse that hijacks Macs and leaves them open to further attack, a security company said yesterday. The 'iServices.a' Trojan hitchhikes on iWork '09's installer, said Intego, which makes Mac security software. 'The installer for the Trojan horse is launched as soon as a user begins the installation of iWork, following the installer's request of an administrator password,' Intego said in a warning. Once installed, the Trojan "phones home" to a malicious server to notify the hacker that the Mac has been compromised, and to await instructions."
The iPwn!
Women are like electronics: you don't know how damaged they are until you try to turn them on.
Why not download the Trial version and unlock it with one of the million serials out there?
Faster! Faster! Faster would be better!
Sometimes I wonder if companies that create security software aren't sometimes guilty of either creating or funding the creation of viruses, trojans, worms, &c. simply to justify their own existence.
Is that cynical?
If only Apple hadn't stripped out the DRM this would have never happened!
Haven't you seen the ads? Mac OS X doesn't get viruses. This story is a complete fabrication, bankrolled by Microsoft, created to instil fear in The Perfect Operating System. Please link real stories next time.
That it is the easiest trojan to use ever. Bravo, Apple.
Since when does a PEBKAC error count as news? If you're idiot enough to install pirated software then you deserve what you get - and absolutely nobody can protect a computer system against user stupidity.
Power does not corrupt - power attracts the corrupt.
This requires user action and piracy. No one can -ever- claim that -any- computer is safe from, essentially, social engineering.
If Apple were evil they could deliberately put hacked versions onto filesharing sites. More seriously, this is a good example of why even pirating software is really not a good idea. Unless you know exactly who you are downloading from you don't know what you are getting. Very little commercial software has nice little checksums or hashes that are easily available for you to verify. Downloading pirated software is a bit like having unprotected sex with a stranger. It might feel real good now, but you are going to regret it later.
Late last year, in fact, when Apple revised an online recommendation that Mac users consider running antivirus software, the move drew lots of attention.
Most antivirus programs on OS X actually scan for Windows viruses only, and are totally useless against almost all OS X malware. The only software vendor that I know of that makes anti-malware programs for native OS X malware is Intego. Intego make great software and are mentioned in this article, but what about all the Mac users out there who get a Mac virus scanner that only scans for Windows viruses? A lot of people are being duped.
I don't think anyone would blame Microsoft for user-installed malware. It's when you get something simply by going to a website, clicking a link, mounting a drive, or even just hooking it up to the internet that can be blamed on lousy code. When malicious nasties get onto OS X by any of the above with no real action on the user's part, then we can all blame Apple just like we blamed Microsoft. Until then, it's just a PEBKAC issue.
This requires user action and piracy.
So does 99.99% of windows malware.
No one can -ever- claim that -any- computer is safe from, essentially, social engineering.
Again right. But what's the solution? That is the real question.
Because this is the ecosystem Microsoft lives in, we've seen what they're trying... digital signatures on drivers, the inability to put admin items in your startup, UAC prompts... etc, etc.
What is Apple going to do in response to the inevitable arrival of social-engineering malware as it gains marketshare?
What is Linux going to do if/when it achieves enough marketshare among joe-sixpacks for social engineering to be profitable?
As much as /. likes to take shots at Microsoft, what would you do better? *nix security is just as vulnerable to social engineering as windows is, given the same users.
If it can install a launch agent/daemon, it runs as system with full access to anything. And all it takes to install a launch agent/daemon is your admin password.
Um most pirated software is clean of malware. The primary vectors are email and infected websites (often reputable ones that are compromised themselves, often due to sketchy)
The "piracy has VIRUSES!" myth is very much a content industry creation. I'm more concerned about malware in "genuine" software than pirated, and one more reason that I pirate things when I do. Of course, you -are- running an executable from a total stranger. At least "genuine" software makers have it tied to their name, so this could easily become truer.
Given that all three OSes have sudo, social engineering will ALWAYS work. Unless we take sudo away from average users (which is far easier to get away with on linux than windows and still have everything work smoothly)
If you're really paranoid, you might consider running your browser and mail client in a virtual machine
93rd rule of Slashdot: No matter how obvious my sarcasm is, my comment will be taken seriously by someone.
The biggest w32 virus right now only requires the user to click on what appears to be the normal choice for safe viewing of USB key contents, but other USB trojans don't even need that much. Most of the other forms of malware are installed via drive-by download or by worm propagation. I doubt 99.99% of malware needs user action, or worms, USB Trojans, and drive bys wouldn't be so dangerously prevalent.
I guess you could call "visiting a website" or "plugging in a USB key" user action, but there's no action needed to be infected by a worm.
Wait. You're right. Users have to turn on their machines.
Put identity in the browser.
Lol viruses? Get a Mac. Oh wait.
As long as there are crackers without girlfriends in the world, they don't need to.
I propose starting a new anti-virus company that will focus on dates for crackers rather than OS security.
greed@All_Evils:~#
So does 99.99% of windows malware.
Somehow I doubt that Windows worms and exploits only make up .001% of all Windows malware. The old lsass exploit (yeah, I know you remember) was pretty widespread and only required an internet connection and an unpatched Windows 2000/maybe XP machine. ...But it was only a part of the .001% of non-user interactive malware that your statistics seem to assert.
I don't steal software, ever, but it is a well known fact (among Mac users) that iWork can be downloaded direct from Apple. All it takes is a valid serial number and you are ready to go. Why the heck would anybody bother firing up a torrent?
Have you downloaded something using Apple's servers? I get a solid 1MB/s+ almost all the time, pretty much maxing out my entire connection. It's very rare for me to get anywhere near that on ANY torrent, even very popular ones - plus Apple doesn't ask me to upload the same amount for proper etiquette.
How are sites slashdotted when nobody reads TFAs?
They don't encourage users NOT to install... they simply don't hawk the virus software as a crutch to avoid good common sense. That's not to say that Windows (or more specifically Microsoft) does, it's just the nature of the OS itself that dictates what might be vs. what might not be.
You can safely say that, out of the box, Apple's OS is safer than Microsoft's (and you can make up your own reasons why), and this particular "virus" (it's a trojan, not a virus) isn't related to a vulnerability in the OS. It's related to a vulnerability in a trusting user. It's vastly different than an exploit that antivirus programs are designed to watch for. No antivirus would protect someone from this, unless it was known already as a trojan (then an update would have to show up, etc.) But you begin to see the fallacy of blaming Apple for social engineering. Educating the novices of ANY OS is something we should be doing, rather than trying to have a pissing contest between Jobs and Ballmer.
It's the Stay-Puft Marshmallow Man.
Software programs downloaded from third-party pirate sites can contain trojans.
Film at 11!
It's not like trojans are unusual, they are commonplace, and a risk for every computer user who thinks about running things from untrusted sources.
Not to troll, but as far as I'm concerned anyone who pirates software deserves it...
Any sect, cult, or religion will legislate its creed into law if it acquires the political power to do so.
I am using Ubuntu and pretty sure this kind of trojan wouldn't work! Mac has a pretty "case" with nice looking silver color but I don't think the OS and software parts are good enough, so Mac is not my cup of tea.
This requires someone to install. You can easily receive a trojan via a .run script or installer binary for commercial or closed source software without knowing. It only requires root access, which you grant when you install the software. Think of the VMware Workstation installer. This is no different from any Unix-based OS. I can't believe you think Ubuntu is any more protected. Learn a little.
Um most pirated software is clean of malware. The primary vectors are email and infected websites (often reputable ones that are compromised themselves, often due to sketchy)
Well, if as few as 10% of the pirated software has viruses, then anyone who downloads and installs 10 software apps has roughly a 66% chance of getting something. It seems bizarre that malware creators wouldn't use pirated software to spread keyloggers and other nasty stuff. I mean - if I went to a website and got a popup to download and install an exe, or I got something in my email that said to run an exe, I'd NEVER do it. And neither would most tech-savvy people. But, people who pirate software are installing the software they're downloading. That's a malware-creator's dream come true. I'm sure mafia and identity-theft criminals love the idea (and they can create lots of seeders to create the illusion of being legit).
The "piracy has VIRUSES!" myth is very much a content industry creation.
Uh huh. And the ""piracy has viruses" is a myth" myth is advocated by people who want to believe piracy is totally safe.
I'm more concerned about malware in "genuine" software than pirated, and one more reason that I pirate things when I do.
Well, pirated software has the "malware" created by the genuine software manufacturers plus the malware added to it by anyone who wants to add a trojan.
Their alert, unlike every other antivirus company alert, does not tell you how to remove the trojan.
Nice.
sudo -s (enter password)
rm -r /System/Library/StartupItems/iWorkServices
rm /private/tmp/.iWorkServices
rm /usr/bin/iWorkServices
rm -r /Library/Receipts/iWorkServices.pkg
killall -9 iWorkServices
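A read-only check for the four paths named in the removal steps above, as an added example that is not part of the original comment or of Intego's alert. The function names, the `--scan` switch and the optional root-prefix argument (for checking a mounted volume or backup instead of the running system) are assumptions made here.

```shell
#!/bin/sh
# Added example: read-only check for the iServices.a files listed above.
# Paths are taken from the comment; function names are hypothetical.

ISERVICES_PATHS='/System/Library/StartupItems/iWorkServices
/private/tmp/.iWorkServices
/usr/bin/iWorkServices
/Library/Receipts/iWorkServices.pkg'

# check_iservices [ROOT]
# Prints one "FOUND:" line per artifact present under ROOT (default: the
# running system). Returns 0 when none exist, 1 otherwise.
check_iservices() {
    root="${1:-}"
    found=0
    old_ifs=$IFS
    IFS='
'
    for p in $ISERVICES_PATHS; do
        # -L also catches a dangling symlink left at one of the paths
        if [ -e "$root$p" ] || [ -L "$root$p" ]; then
            echo "FOUND: $root$p"
            found=1
        fi
    done
    IFS=$old_ifs
    return "$found"
}

# iservices_running: returns 0 if a process named iWorkServices is alive.
# ps prints a full path on macOS and a bare name on Linux, so match both.
iservices_running() {
    ps -A -o comm 2>/dev/null | grep -Eq '(^|/)iWorkServices$'
}

# Run as "script --scan [ROOT]" to check a system or a mounted volume.
if [ "${1:-}" = "--scan" ]; then
    status=0
    check_iservices "${2:-}" || status=1
    # The process check only makes sense for the live system (no ROOT given)
    if [ -z "${2:-}" ] && iservices_running; then
        echo "FOUND: running process iWorkServices"
        status=1
    fi
    exit "$status"
fi
```

A clean result only means these four paths are absent; it says nothing about anything the Trojan may have downloaded after phoning home.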
Mod parent informative.
VLC FOR MAC IS DYING! IF YOU DEVELOP, PLEASE SAVE IT!!
The primary vectors are email and infected websites (often reputable ones that are compromised themselves, often due to sketchy)
A-ha! I knew that there was one mastermind behind all of this. Now we only have to catch sketchy!
I'm part of teh evil content industry. If one of my games wrecks your PC, you can sue me. You can track me down easily from my registered company name and bring court proceedings for damages.
Now try doing that to an anonymous cracker from eastern Europe.
The fact that I know I am legally responsible for the software I sell means I make damn sure there is nothing dodgy in it. This is the opposite incentive for pirates.
An example might be the cracked copy of Democracy 2. It crashes when you win the election, apparently. This isn't in the full version, and is likely a side effect of their crack. What else their crack does I would not like to speculate on, but I sure as hell don't think it's worth risking that they are trustworthy guys to save myself twenty bucks.
DRM-free indie games for the PC and Mac: Positech Games
I just wish someone would do this for the Linux world. I've tried nearly every ISO download under "Applications -> Unix" on The Pirate Bay, but everything seems to be *legal*.
Why then does OpenOffice.org tell us not to use versions which are not from their very own server? Legal does not mean free of malware add-ons.
The truth is: OpenSource makes it easier to attach malware to a download.
Note that I am all in favour of OpenSource - but one should not close his / her eyes from the downside.
Yes, you could make a "Vubuntu - Ubuntu with Virus edition". But then, how do you get people to download it ?
If you said it protected your bittorrenting from 'The Man' or hid your porn from your mom someone would download it.
I'm running Windows...
Thanks to file sharing, I purchase more CDs
Thanks to the RIAA, I buy them used...
But then how will I describe it when more than one virus infects my boxen?