Slashdot Mirror


Trojan Hides In Pirated Copies of Apple iWork '09

CWmike writes "Pirated copies of Apple's new iWork '09 suite that are now available on file-sharing sites contain a Trojan horse that hijacks Macs and leaves them open to further attack, a security company said yesterday. The 'iServices.a' Trojan hitchhikes on iWork '09's installer, said Intego, which makes Mac security software. 'The installer for the Trojan horse is launched as soon as a user begins the installation of iWork, following the installer's request of an administrator password,' Intego said in a warning. Once installed, the Trojan 'phones home' to a malicious server to notify the hacker that the Mac has been compromised, and to await instructions."

17 of 431 comments

  1. Now unveiling... by Majik Sheff · · Score: 5, Funny

    The iPwn!

    --
    Women are like electronics: you don't know how damaged they are until you try to turn them on.
    1. Re:Now unveiling... by Anonymous Coward · · Score: 5, Insightful

      Go learn about the difference between a virus and a trojan.

    2. Re:Now unveiling... by guitarpy · · Score: 5, Funny

      I'd like to take this opportunity to welcome mac users to the pc world...I mean really....pirated software with a virus...who would have seen that one coming?

      --
      In the immortal words of Socrates, "I drank what?"
    3. Re:Now unveiling... by Anonymous Coward · · Score: 5, Funny

      Go explain the difference to a Mac user.

    4. Re:Now unveiling... by darkpixel2k · · Score: 5, Funny

      I'd like to take this opportunity to welcome mac users to the pc world...I mean really....pirated software with a virus...who would have seen that one coming?

      I just wish someone would do this for the Linux world. I've tried nearly every ISO download under "Applications -> Unix" on The Pirate Bay, but everything seems to be *legal*.

      It won't be the year of Linux on the Desktop(tm) until you can download pirated linux applications from The Pirate Bay complete with virii and rootkits.

      --
      There's no place like ::1 (I've completed my transition to IPv6)
    5. Re:Now unveiling... by Anonymous Coward · · Score: 5, Funny

      Argh. Please don't say "virii", even ironically. It encourages idiots.

      QED

  2. Of course by ColdWetDog · · Score: 5, Insightful

    About Intego

    Intego develops and sells desktop Internet security and privacy software for Macintosh.

    --
    Faster! Faster! Faster would be better!
  3. cynicism by bwthomas · · Score: 5, Insightful

    Sometimes I wonder if companies that create security software aren't sometimes guilty of either creating or funding the creation of viruses, trojans, worms, &c. simply to justify their own existence.

    Is that cynical?

    1. Re:cynicism by zappepcs · · Score: 5, Insightful

      They certainly use virus news to justify their existence and the cost of their products. The fact that they exist is tantamount to admitting that no OS can be fully secured.

      The harder anti-virus vendors bleat on about how good their product is, the more bragging rights a virus writer will get for walking around the security... among their own crowd. It's more or less a case of putting up a wall and telling the world, there, you can't get past this wall now.

      The real trouble with anti-virus vendors is that they tend to convince people that once their product is installed, the end user's pc is safe. It is NOT, and won't ever be. Some of the best virus programs in the world are still out in the wild, running as they were intended to run, collecting and passing information as they are supposed to. Since they are not destructive to normal computer activity, they go undetected. Don't say that such does not exist... I know you have not done forensics on all existent computers. Every now and then we hear about some corporate espionage or attacks from state military groups etc. All of this is just hinting at the real problems: The virus programs we don't know about.

      Think about it. If a virus program did some key logging for bank URLs then spread itself a bit, then self destructed... hmmmmm They are seeing more sophisticated virus programs now, and fortunately beginning to look for them. Sadly, you'll have some pretty incredibly long scan times to find some types of malicious software: none of this 45 minute scan by Symantec etc.

      Soon, you'll need a multicore CPU just to handle real time scanning. It's a giant whack-a-mole game. Always will be.

  4. Re: But, but.... by vux984 · · Score: 5, Insightful

    This requires user action and piracy.

    So does 99.99% of windows malware.

    No one can -ever- claim that -any- computer is safe from, essentially, social engineering.

    Again right. But what's the solution? That is the real question.

    Because this is the ecosystem microsoft lives in, we've seen what they're trying... digital signatures on drivers, the inability to put admin items in your startup, UAC prompts... etc, etc.

    What is Apple going to do in response to inevitable arrival of social-engineering malware as it gains marketshare?
    What is Linux going to do if/when it achieves enough marketshare among joe-sixpacks for social engineering to be profitable?

    As much as /. likes to take shots at Microsoft, what would you do better? *nix security is just as vulnerable to social engineering as windows is, given the same users.

  5. Re:No, that's impossible. by AKAImBatman · · Score: 5, Insightful

    And how long has it been since a true virus was attacking windows?

    Just this week.

    It's always trojans, worms or adware and has been for several years.

    A worm differs from a virus only in so much that it doesn't need to copy itself into a system program. For all intents and purposes however, the difference between the two terms is antiquated.

  6. Re: But, but.... by calmofthestorm · · Score: 5, Interesting

    Um most pirated software is clean of malware. The primary vectors are email and infected websites (often reputable ones that are compromised themselves, often due to sketchy)

    The "piracy has VIRUSES!" myth is very much a content industry creation. I'm more concerned about malware in "genuine" software than pirated, and one more reason that I pirate things when I do. Of course, you -are- running an executable from a total stranger. At least "genuine" software makers have it tied to their name, so this could easily become truer.

    Given that all three OSes have sudo, social engineering will ALWAYS work. Unless we take sudo away from average users (which is far easier to get away with on linux than windows and still have everything work smoothly)

    If you're really paranoid, you might consider running your browser and mail client in a virtual machine

    --
    93rd rule of Slashdot: No matter how obvious my sarcasm is, my comment will be taken seriously by someone.
  7. New anti-virus company by Narnie · · Score: 5, Funny

    As long as there are crackers without girlfriends in the world, they don't need to.

    I propose starting a new anti-virus company that will focus on dates for crackers rather than OS security.

    --
    greed@All_Evils:~#
  8. Re:Not that I condone piracy but by FearForWings · · Score: 5, Funny

    Then you don't get the trojan from iWorks, but from the keygen that further frustrates you by playing an annoying and loud tune while you go through the serial generating process.

    Note to keygen creators: I do not want to hear your brother's crappy techno remixes when using your app. Is there some way I can pay you to disable this feature?

    --
    I don't know about angels, but it's fear that gives men wings. -Max Payne
  9. Re:Not that I condone piracy but by Em Ellel · · Score: 5, Insightful

    Note to keygen creators: I do not want to hear your brother's crappy techno remixes when using your app. Is there some way I can pay you to disable this feature?

    Erm, you can indeed. You can pay money to buy a legit serial number - voila - no crappy techno music.

    -Em

    --
    RelevantElephants: A Somatic WebComic...
  10. Re:Nice of them to tell you how to remove it. by nawcom · · Score: 5, Informative

    Their alert, unlike every other antivirus company alert, does not tell you how to remove the trojan.

    Nice.

    sudo -s    # enter password when prompted
    rm -r /System/Library/StartupItems/iWorkServices
    rm /private/tmp/.iWorkServices
    rm /usr/bin/iWorkServices
    rm -r /Library/Receipts/iWorkServices.pkg
    killall -9 iWorkServices
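
The paths and process name in the removal commands above can also be checked for without deleting anything. This is an added example, not part of the original comment or of Intego's alert; the `ROOT` argument and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): read-only check for the iWorkServices
# artifacts that the removal commands above delete. ROOT is this example's own
# parameter: "/" for the live system, or the mount point of a disk image.

# Paths taken from the comment's rm commands.
IWORK_PATHS="/System/Library/StartupItems/iWorkServices
/private/tmp/.iWorkServices
/usr/bin/iWorkServices
/Library/Receipts/iWorkServices.pkg"

# Print every listed artifact that exists under ROOT, one per line.
list_iworkservices_files() {
    root="${1:-/}"
    root="${root%/}"    # "/" -> "", "/mnt/img/" -> "/mnt/img"
    for p in $IWORK_PATHS; do
        # -e is false for a dangling symlink, so test -L as well
        if [ -e "$root$p" ] || [ -L "$root$p" ]; then
            printf '%s\n' "$root$p"
        fi
    done
}

# Succeed if a process named iWorkServices (the killall target) is running.
iworkservices_running() {
    # comm may be a full path or a bare name, so compare the last component
    ps -A -o comm= 2>/dev/null |
        awk -F/ '$NF == "iWorkServices" { hit = 1 } END { exit !hit }'
}

# Report findings; return 1 if anything was found, 0 if ROOT looks clean.
check_iworkservices() {
    root="${1:-/}"
    rc=0
    hits=$(list_iworkservices_files "$root")
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits" | sed 's/^/FOUND: /'
        rc=1
    fi
    # The process check only makes sense on the live system
    if [ "$root" = "/" ] && iworkservices_running; then
        echo "FOUND: running process iWorkServices"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "No iWorkServices artifacts under $root"; fi
    return "$rc"
}

check_iworkservices "${1:-/}"
```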

  11. Re:Not that I condone piracy but by hachete · · Score: 5, Funny

    (Actually, I think all of my software is totally legit except for Photoshop, and I plan to buy it eventually)

    We all plan to buy Photoshop.

    --
    Patriotism is a virtue of the vicious