Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


Forgot your password?
Close
typodupeerror
×
Security OS X Operating Systems Software

Trojan Hides In Pirated Copies of Apple iWork '09 431

Posted by timothy from the good-reason-not-to-pirate-software dept.
CWmike writes "Pirated copies of Apple's new iWork '09 suite that are now available on file-sharing sites contain a Trojan horse that hijacks Macs and leaves them open to further attack, a security company said yesterday. The 'iServices.a' Trojan hitchhikes on iWork '09's installer, said Intego, which makes Mac security software. 'The installer for the Trojan horse is launched as soon as a user begins the installation of iWork, following the installer's request of an administrator password,' Intego said in a warning. Once installed, the Trojan "phones home" to a malicious server to notify the hacker that the Mac has been compromised, and to await instructions."
This discussion has been archived. No new comments can be posted.

Trojan Hides In Pirated Copies of Apple iWork '09 More

Trojan Hides In Pirated Copies of Apple iWork '09

Comments Filter:

  • Re: But, but.... (Score:2, Informative)

    by Daengbo ( 523424 ) <daengbo&gmail,com> on Friday January 23, 2009 @12:21AM (#26570423) Homepage Journal

    The biggest w32 virus right now only requires the user to click on what appears to be the normal choice for safe viewing of USB key contents, but other USB trojans don't even need that much. Most of the other forms of malware are installed via drive-by download or by worm propogation. I doubt 99.99% of malware needs user action, or worms, USB Trojans, and drive bys wouldn't be so dangerously prevalent.

    I guess you could call "visiting a website" or "plugging in a USB key" user user action, but there's no action needed to be infected by a worm.

    Wait. You're right. Users have to turn on their machines.

  • Why not download directly from Apple? (Score:5, Informative)

    by WiiVault ( 1039946 ) on Friday January 23, 2009 @12:49AM (#26570615)
    I don't steal software, ever, but it is a well known fact (among Mac users) that iWork can be downloaded direct from Apple. All it takes is a valid serial number and you are ready to go. Why the heck would anybody bother firing up a torrent?

  • Re:Not that I condone piracy but (Score:5, Informative)

    by Firehed ( 942385 ) on Friday January 23, 2009 @12:52AM (#26570645) Homepage

    Not that I'd ever use a keygen or anything, but that's definitely only a Windows problem. From what I *cough* hear, most apps are either pre-cracked, have a drag-and-drop crack (how Mac-like), or just need any of a hundred serials floating around with no further mess.

    (Actually, I think all of my software is totally legit except for Photoshop, and I plan to buy it eventually)

  • Re:Why pirate iWork (Score:3, Informative)

    by Firehed ( 942385 ) on Friday January 23, 2009 @12:58AM (#26570677) Homepage

    Have you downloaded something using Apple's servers? I get a solid 1MB/s+ almost all the time, pretty much maxing out my entire connection. It's very rare for me to get anywhere near that on ANY torrent, even very popular ones - plus Apple doesn't ask me to upload the same amount for proper etiquette.

  • Re:Not that I condone piracy but (Score:5, Informative)

    by djupedal ( 584558 ) on Friday January 23, 2009 @01:09AM (#26570751)

    Apple removed serial number requirements from iWork '09 - just install for the CD and go.

    Now, explain again how to use a sn with a crippled trail, please...

  • Re:cynicism (Score:2, Informative)

    by LiENUS ( 207736 ) <slashdot@@@vetmanage...com> on Friday January 23, 2009 @01:26AM (#26570867) Homepage

    Think about it. If a virus program did some key logging for bank URLs then spread itself a bit, then self destructed... hmmmmm They are seeing more sophisticated virus programs now, and fortunately beginning to look for them. Sadly, you'll have some pretty incredibly long scan times to find some types of malicious software: none of this 45 minute scan by Symantec etc.

    Presumably you mean worm programs not virus programs. Virus programs are typically very obvious as they modify the executables on the system they infect. These modifications are easily detected as the checksums (md5, crc, whatever) change and someone notices.

  • Re:Now unveiling... (Score:2, Informative)

    by Anonymous Coward on Friday January 23, 2009 @02:06AM (#26571047)

    It was obvious to anyone with half a brain

    Well that leaves you out. This is simply a malicious program. Obviously any computer that can run software can run malicious software.

  • Re:Nice of them to tell you how to remove it. (Score:5, Informative)

    by nawcom ( 941663 ) on Friday January 23, 2009 @02:57AM (#26571341) Homepage

    Their alert, unlike every other antivirus company alert, does not tell you how to remove the trojan.

    Nice.

    sudo -s (enter password)
    rm -r /System/Library/StartupItems/iWorkServices
    rm /private/tmp/.iWorkServices
    rm /usr/bin/iWorkServices
    rm -r /Library/Receipts/iWorkServices.pkg
    killall -9 iWorkServices

  • Mod parent up. removal instructions. (Score:3, Informative)

    by plasmacutter ( 901737 ) on Friday January 23, 2009 @03:19AM (#26571475)

    Mod parent informative.

  • Re:Of course (Score:3, Informative)

    by biocute ( 936687 ) on Friday January 23, 2009 @04:39AM (#26571899)

    I can confirmed LittleSnitch works like a charm.

    The site above doesn't provide free download, so I went to an abundantware site called ThePirateBay.org.

    I'm surprised this little germ even comes with pre-whitelist feature and several connections that I've never heard of have already been pre-allowed.

    Truly a time-saver.

  • Re:Not that I condone piracy but (Score:2, Informative)

    by TheNetAvenger ( 624455 ) on Friday January 23, 2009 @07:05AM (#26572571)

    except for Photoshop, and I plan to buy it eventually

    The funny part of this, is Photoshop is one of the few pieces of software that has the Adobe Phone Home features that is not cracked or disabled 99% of the time.

    So your computer name, info, IP, MAC Address, etc are sent to Adobe with 99% of the 'cracked' copies out there running around for both the PC and Mac.

    Be sure to unplug that iCable when you use it... :)

  • Re:Now unveiling... (Score:2, Informative)

    by amiga3D ( 567632 ) on Friday January 23, 2009 @09:42AM (#26573611)

    "Moral of the story again: Untrusted code could do anything. Don't download copied software."

    But often in the case of the Mac, this may be your ONLY way to get software, for older machines. run the newer stuff, say the new iLife versions? You can't buy the older ones....where are you supposed to get it?

    Try ebay, or one of numerous mac software houses. Older versions of iLife can be picked up for next to nothing complete with the retail box. If you fool around in the cesspool of piracy don't be suprised if you end up with a bad smell.

  • Re:Pirates (Score:2, Informative)

    by Damn The Torpedoes ( 1279448 ) <wraymund@berklee.net> on Friday January 23, 2009 @10:49AM (#26574363)
    Yea, they deserve it. They also deserve any repercussions from their ISP's due to their computer performing the trojan's payload. Frankly, if you download illegally, you're incurring a very real risk. Deal with it, or don't pirate; it's as simple as that.

  • Re:Now unveiling... (Score:2, Informative)

    by Tyrannicsupremacy ( 1354431 ) on Friday January 23, 2009 @01:08PM (#26576539)
    It's viruses, not virii.

Slashdot Top Deals

The one day you'd sell your soul for something, souls are a glut.

Close