
Trojan Hides In Pirated Copies of Apple iWork '09

CWmike writes "Pirated copies of Apple's new iWork '09 suite that are now available on file-sharing sites contain a Trojan horse that hijacks Macs and leaves them open to further attack, a security company said yesterday. The 'iServices.a' Trojan hitchhikes on iWork '09's installer, said Intego, which makes Mac security software. 'The installer for the Trojan horse is launched as soon as a user begins the installation of iWork, following the installer's request of an administrator password,' Intego said in a warning. Once installed, the Trojan "phones home" to a malicious server to notify the hacker that the Mac has been compromised, and to await instructions."

  • Of course (Score:5, Insightful)

    by ColdWetDog ( 752185 ) * on Thursday January 22, 2009 @11:43PM (#26570085) Homepage

    About Intego

    Intego develops and sells desktop Internet security and privacy software for Macintosh.

  • cynicism (Score:5, Insightful)

    by bwthomas ( 796211 ) <bwthomas&gmail,com> on Thursday January 22, 2009 @11:45PM (#26570107)

    Sometimes I wonder if companies that create security software aren't sometimes guilty of either creating or funding the creation of viruses, trojans, worms, &c. simply to justify their own existence.

    Is that cynical?

  • by Dreadneck ( 982170 ) on Thursday January 22, 2009 @11:49PM (#26570145)
    Since when does a PEBKAC error count as news? If you're idiot enough to install pirated software then you deserve what you get - and absolutely nobody can protect a computer system against user stupidity.
  • Re: But, but.... (Score:4, Insightful)

    by JPortal ( 857107 ) <joshua...gross@@@gmail...com> on Thursday January 22, 2009 @11:49PM (#26570147) Homepage

    This requires user action and piracy. No one can -ever- claim that -any- computer is safe from, essentially, social engineering.

  • by JoshuaZ ( 1134087 ) on Thursday January 22, 2009 @11:50PM (#26570157) Homepage
    If Apple were evil they could deliberately put hacked versions onto filesharing sites. More seriously, this is a good example of why even pirating software is really not a good idea. Unless you know exactly who you are downloading from you don't know what you are getting. Very little commercial software has nice little checksums or hashes that are easily available for you to verify. Downloading pirated software is a bit like having unprotected sex with a stranger. It might feel real good now, but you are going to regret it later.
  • by DurendalMac ( 736637 ) on Friday January 23, 2009 @12:02AM (#26570261)
    I don't think anyone would blame Microsoft for user-installed malware. It's when you get something simply by going to a website, clicking a link, mounting a drive, or even just hooking it up to the internet that can be blamed on lousy code. When malicious nasties get onto OS X by any of the above with no real action on the user's part, then we can all blame Apple just like we blamed Microsoft. Until then, it's just a PEBKAC issue.
  • Re: But, but.... (Score:5, Insightful)

    by vux984 ( 928602 ) on Friday January 23, 2009 @12:05AM (#26570283)

    This requires user action and piracy.

    So does 99.99% of windows malware.

    No one can -ever- claim that -any- computer is safe from, essentially, social engineering.

    Again right. But what's the solution? That is the real question.

    Because this is the ecosystem microsoft lives in, we've seen what they're trying... digital signatures on drivers, the inability to put admin items in your startup, UAC prompts... etc, etc.

    What is Apple going to do in response to the inevitable arrival of social-engineering malware as it gains marketshare?
    What is Linux going to do if/when it achieves enough marketshare among joe-sixpacks for social engineering to be profitable?

    As much as /. likes to take shots at Microsoft, what would you do better? *nix security is just as vulnerable to social engineering as windows is, given the same users.

  • Re:cynicism (Score:5, Insightful)

    by zappepcs ( 820751 ) on Friday January 23, 2009 @12:08AM (#26570307) Journal

    They certainly use virus news to justify their existence and the cost of their products. The fact that they exist is tantamount to admitting that no OS can be fully secured.

    The harder anti-virus vendors bleat on about how good their product is, the more bragging rights a virus writer will get for walking around the security... among their own crowd. It's more or less a case of putting up a wall and telling the world, there, you can't get past this wall now.

    The real trouble with anti-virus vendors is that they tend to convince people that once their product is installed, the end user's pc is safe. It is NOT, and won't ever be. Some of the best virus programs in the world are still out in the wild, running as they were intended to run, collecting and passing information as they are supposed to. Since they are not destructive to normal computer activity, they go undetected. Don't say that such does not exist... I know you have not done forensics on all existent computers. Every now and then we hear about some corporate espionage or attacks from state military groups etc. All of this is just hinting at the real problems: The virus programs we don't know about.

    Think about it. If a virus program did some key logging for bank URLs then spread itself a bit, then self destructed... hmmmmm They are seeing more sophisticated virus programs now, and fortunately beginning to look for them. Sadly, you'll have some pretty incredibly long scan times to find some types of malicious software: none of this 45 minute scan by Symantec etc.

    Soon, you'll need a multicore CPU just to handle real time scanning. It's a giant whack-a-mole game. Always will be.

  • Re:Of course (Score:4, Insightful)

    by calmofthestorm ( 1344385 ) on Friday January 23, 2009 @12:08AM (#26570311)

    It's especially nice if such monitoring software is not "on the radar" of malware sites, since they could include a workaround for such software, as is frequently done for Norton and Symantec on Windows.

  • by Dreadneck ( 982170 ) on Friday January 23, 2009 @12:12AM (#26570335)
    From the article:

    The installer for the Trojan horse is launched as soon as a user begins the installation of iWork, following the installer's request of an administrator password

    As I said, it's a PEBKAC error. If you give an installer your admin password it can do whatever it pleases. Only an idiot installs pirated wares and only a supremely stupid idiot gives said warez the root password. No security paradigm will ever be invented that cannot be undermined by human stupidity.

  • And how long has it been since a true virus was attacking windows?

    Just this week. [nytimes.com]

    It's always trojans, worms or adware and has been for several years.

    A worm differs from a virus only in so much that it doesn't need to copy itself into a system program. For all intents and purposes however, the difference between the two terms is antiquated.

  • by 99BottlesOfBeerInMyF ( 813746 ) on Friday January 23, 2009 @12:33AM (#26570515)

    As I said, it's a PEBKAC error. If you give an installer your admin password it can do whatever it pleases.

    And if you read my post, I'm telling you that is a design flaw in the OS. On a well designed OS, the software has more granularity of permission than "can do everything including connect to random servers" and "can't install". Apple seems to agree with me since they added an ACL framework to restrict applications with a finer level of permissions in the last version, although it is only used for a small subset of applications so far.

    Only an idiot installs pirated wares and only a supremely stupid idiot gives said warez the root password.

    I think installing pirated software is unethical and risky, but not necessarily stupid. As for giving it the root password, users have to give up their password all the time to install software, which is part of the problem.

    No security paradigm will ever be invented that cannot be undermined by human stupidity.

    Maybe, maybe not, but you can sure do a heck of a lot more than current, mainstream OS's do now to help users avoid such security threats.

  • Re: But, but.... (Score:3, Insightful)

    by Anthony_Cargile ( 1336739 ) on Friday January 23, 2009 @12:38AM (#26570553) Homepage

    So does 99.99% of windows malware.

    Somehow I doubt that Windows worms and exploits only make up .001% of all Windows malware. The old lsass exploit (yeah, I know you remember) was pretty widespread and only required an internet connection and an unpatched Windows 2000/maybe XP machine. ...But it was only a part of the .001% of non-user interactive malware that your statistics seem to assert.

  • Re:Of course (Score:5, Insightful)

    by ColdWetDog ( 752185 ) * on Friday January 23, 2009 @12:40AM (#26570569) Homepage

    (stares at the Macbook touchpad)

    You got two fingers [macosxhints.com]? (If not, sorry, I'm an insensitive clod.)

  • Re: But, but.... (Score:4, Insightful)

    by Doctor_Jest ( 688315 ) on Friday January 23, 2009 @12:59AM (#26570683)
    They don't encourage users NOT to install... they simply don't hawk the virus software as a crutch to avoid good common sense. That's not to say that Windows (or more specifically Microsoft) does, it's just the nature of the OS itself that dictates what might be vs. what might not be.

    You can safely say that, out of the box, Apple's OS is safer than Microsoft's (and you can make up your own reasons why), and this particular "virus" (it's a trojan, not a virus) isn't related to a vulnerability in the OS. It's related to a vulnerability in a trusting user. It's vastly different than an exploit that antivirus programs are designed to watch for. No antivirus would protect someone from this, unless it was known already as a trojan (then an update would have to show up, etc.) But you begin to see the fallacy of blaming Apple for social engineering. Educating the novices of ANY OS is something we should be doing, rather than trying to have a pissing contest between Jobs and Ballmer.
  • How is this news? (Score:2, Insightful)

    by mysidia ( 191772 ) on Friday January 23, 2009 @01:04AM (#26570707)

    Software programs downloaded from third-party pirate sites can contain trojans.

    Film at 11!

    It's not like trojans are unusual, they are commonplace, and a risk for every computer user who thinks about running things from untrusted sources.

  • by Em Ellel ( 523581 ) on Friday January 23, 2009 @01:05AM (#26570721)

    Note to keygen creators: I do not want to hear your brother's crappy techno remixes when using your app. Is there some way I can pay you to disable this feature?

    Erm, you can indeed. You can pay money to buy a legit serial number - voila - no crappy techno music.

    -Em

  • by Anonymous Coward on Friday January 23, 2009 @01:13AM (#26570789)

    Go learn about the difference between a virus and a trojan.

  • Re:Of course (Score:1, Insightful)

    by Anonymous Coward on Friday January 23, 2009 @01:29AM (#26570895)

    Don't worry too much Cargile you'll figure out the right click eventually. That feature has only been available for the Mac since pre OS X.

    With the Admin password, it is easy to kill "Little Snitch" and I would trust entering an Admin password for an Apple app. But if you are bootlegging then you are just looking for it.

  • by Anonymous Coward on Friday January 23, 2009 @02:06AM (#26571053)

    complete with virii and rootkits.

    Argh. Please don't say "virii", even ironically. It encourages idiots.

  • Pirates (Score:5, Insightful)

    by shmlco ( 594907 ) on Friday January 23, 2009 @02:40AM (#26571247) Homepage

    Not to troll, but as far as I'm concerned anyone who pirates software deserves it...

  • by nawcom ( 941663 ) on Friday January 23, 2009 @02:49AM (#26571293) Homepage

    I am using Ubuntu and pretty sure this kind of trojan wouldn't work! Mac has a pretty "case" with nice looking silver color but I don't think the OS and software parts are good enough, so Mac is not my cup of tea.

    This requires someone to install. you can easily receive a trojan via a .run script or installer binary for commercial or closed source software without knowing. it only requires root access, which you grant when you install the software. think of the vmware workstation installer. this is no different from any unix based OS. I can't believe you think Ubuntu is any more protected. Learn a little.

  • by jo_ham ( 604554 ) <joham999@noSpaM.gmail.com> on Friday January 23, 2009 @03:18AM (#26571469)

    Is this a virus?

    Didn't think so.

    This is social engineering at its finest - an untrusted source, launching executable code (via user action) and gaining elevated privileges (via user input of password).

    Welcome to any operating system's severe vulnerability to attack.

    Still no viruses on OS X though, beyond that proof of concept thing a while back. Still, 1 versus.... how many on Windows? So many you *require* a dedicated third party app to bog down your system and act as doctor, surgeon and nurse to keep the machine clean?

    I'll take OS X thanks.

    Also, don't steal software. You're just asking for trouble. This isn't the first time that OS X has been targeted with dodgy copies of software from download sites - I seem to remember an app that claimed to be the MS Office for Mac installer that did nothing except delete the contents of your home folder.

    Moral of the story again: Untrusted code could do anything. Don't download copied software.

  • by jo_ham ( 604554 ) <joham999@noSpaM.gmail.com> on Friday January 23, 2009 @03:25AM (#26571517)

    Perhaps, but then they will get what's coming to them - they take the risk by getting their software from shady sites.

    There's a much higher percentage of Mac users who *do* pay for their software though, so this just won't affect them.

    It's only $80 or something for iWork. If you really need it, you can afford to buy it (and don't give me that "some people are so poor" crap - if you can buy a computer, you can budget for the software to run on it).

  • Re: But, but.... (Score:3, Insightful)

    by cliffski ( 65094 ) on Friday January 23, 2009 @04:46AM (#26571929) Homepage

    I'm part of teh evil content industry. If one of my games wrecks your PC, you can sue me. You can track me down easily from my registered company name and bring court proceedings for damages.
    Now try doing that to an anonymous cracker from eastern Europe.

    The fact that I know I am legally responsible for the software I sell means I make damn sure there is nothing dodgy in it. This is the opposite incentive for pirates.

    An example might be the cracked copy of Democracy 2. It crashes when you win the election, apparently. This isn't in the full version, and is likely a side effect of their crack. What else their crack does I would not like to speculate on, but I sure as hell don't think it's worth risking that they are trustworthy guys to save myself twenty bucks.

  • by krischik ( 781389 ) <krischik&users,sourceforge,net> on Friday January 23, 2009 @05:07AM (#26572023) Homepage Journal

    I just wish someone would do this for the Linux world. I've tried nearly every ISO download under "Applications -> Unix" on The Pirate Bay, but everything seems to be *legal*.

    Why then does OpenOffice.org tell us not to use versions which are not from their very own server? Legal does not mean free of malware add-ons.

    The truth is: OpenSource makes it easier to attach malware to a download.

    Note that I am all in favour of OpenSource - but one should not close his / her eyes from the downside.

  • by jo_ham ( 604554 ) <joham999@noSpaM.gmail.com> on Friday January 23, 2009 @06:05AM (#26572309)

    That was exactly my point. It's a trojan that relies on social engineering to defeat system security, and that's not unique to any one operating system, Windows, Mac or even your favourite flavour of Linux if you're in the market of using dodgy packages.

    I didn't mention anything about porn or music.

  • by Shadowmist ( 57488 ) on Friday January 23, 2009 @07:58AM (#26572787)
    The installation of this virus still requires the user to authorise it to do so by entering an admin password. It's far different than many Windows worms which can infect simply by the built-in autorun feature of windows which will feed a worm into your machine as soon as you stick in a USB or floppy inside your box. Macs do have protections from viruses that Windows does not, but like any protection, if you give the vampire entrance, it's all over.
  • by aplusjimages ( 939458 ) on Friday January 23, 2009 @08:06AM (#26572833) Journal

    So many you *require* a dedicated third party app

    What? Let me fix that for you.

    So many you *require* a dedicated third party apps

    That's more like it.

  • by prospectofdeath ( 934779 ) on Friday January 23, 2009 @09:52AM (#26573717)

    Yes, you could make a "Vubuntu - Ubuntu with Virus edition". But then, how do you get people to download it ?

    If you said it protected your bittorrenting from 'The Man' or hid your porn from your mom someone would download it.

  • by rdnetto ( 955205 ) on Friday January 23, 2009 @10:59AM (#26574483)

    How exactly would they get these offers? If one company can locate them, then so can the others, including the ones interested in suing them.
    Besides, I sincerely doubt that anyone would waste their time breaking into someone else's account just so that they could upload an infected torrent that would be removed within the hour.
    Finally, there are the comments - people will warn you if the torrent is infected.

  • by Anonymous Coward on Friday January 23, 2009 @11:49AM (#26575083)

    Mac users who want a given program are MUCH more likely to actually PAY for their software than those too cheap to buy a decent quality computer.

    As opposed to non-Mac users, who are MUCH more likely to actually find FREE (or CHEAP) alternatives than those too stupid to buy a decent quality computer without overpaying out the wazoo.

  • by clone53421 ( 1310749 ) on Friday January 23, 2009 @11:57AM (#26575197) Journal

    I don't. And I don't plan on pirating it, either. Perhaps you high-powered graphics designers need the full-blown Photoshop, but I'm fine with GIMP.

    (No, I don't want to start a GIMP-vs-Photoshop flame war. I fully realise that some people won't accept GIMP as a substitute, either because they've already paid for and learned Photoshop or because they're one of the rare people – graphics designers or what-have-you – who needs certain features that GIMP doesn't support. I'm just pointing out that probably most average people, like myself, can manage just fine with GIMP, so why go the illegal route?)

  • by gad_zuki! ( 70830 ) on Friday January 23, 2009 @12:15PM (#26575457)

    >This is social engineering at its finest - an untrusted source, launching executable code (via user action

    That's what a trojan is. It's a program claiming to be one thing but is another.

    That's exactly how all the Windows botnets have been built. People downloading fake codecs, fake flash installers, fake AVs, torrented malware, etc. Granted, there are more viruses and worms for windows, but most, if not 90%, of windows infections come from the same exact method that happened here. A windows user installing malware. I can't remember the last time I had to deal with a real virus. Everything is a trojan horse now.

    Still no viruses on OS X though, beyond that proof of concept thing a while back

    OSX is 100% as vulnerable as Windows in this regard. Now that OSX machines have large numbers expect more of this. Innocence is over. If this keeps up you will be running an AV. It will be irresponsible of you not to.

    Also, don't steal software. You're just asking for trouble.

    Hahaahahaha. That's what we've been telling windows users for years. They still visit mininova and install "Nero8-cracked" and wonder why their machine is a mess.

  • by Anonymous Coward on Friday January 23, 2009 @03:46PM (#26579371)

    no, no, no. Virii in Linux world work on the honor system. You randomly delete a dozen of your files and mail the virus on to everyone in your address book.

    More likely it would be fully automated, however it would be delivered as a source tarball, and you'd have to un-tar it, change some file permissions, configure it, compile it, install it, and write a script to start it on boot.

    Of course, the first time it runs it would fail, and you'd have to examine the log file, post the error message on a forum, wade through the "RTFM" responses to find a helpful one, use the helpful response to tweak a config file in /etc/virii, and then you're off.

  • Re:Pirates (Score:2, Insightful)

    by citylivin ( 1250770 ) on Friday January 23, 2009 @05:37PM (#26581301)

    So I assume you would be in favour of trojaned pirated mp3s deleting your music collection?

    There are no "ethical" virus writers. Do not pretend this was done as some sort of moralistic point. They are building botnets, and that is wrong.
    Period.

  • by Anonymous Coward on Friday January 23, 2009 @09:57PM (#26584435)

    That was exactly my point. It's a trojan that relies on social engineering to defeat system security, and that's not unique to any one operating system, Windows, Mac or even your favourite flavour of Linux if you're in the market of using dodgy packages.

    I didn't mention anything about porn or music.

    Packages? What about all the random source blobs on the net? Those are usually trusted, and complex enough to hide anything you wanted. A nice juicy OSS Windows Media codec, an Exchange plugin, cool utility, whatever. Beauty of it is trojaning a build system is so much easier to do than an actual app. Although, you could crap out absolutely anything on the other end, and just fail in some obscure way. A hideous GUI slapped together in a few minutes will blend right in with real OSS, so will a broken CLI app.

    How often do OSS users compile crap and shrug when the build system breaks. Or just give up when the product fails to work. That's gold to a trojan author.

    It comes down to trust, and the Linux community already has a LOT of it. Imagine if it becomes more mainstream, and you have to deal with the type of users that think "Free IM icons.exe" is a good idea.

    PS

    Don't BS me with 'but, the trojan will be restricted to my home directory', because it could add "~/.mozilla/bin" to your PATH in the blink of an eye (or some evil aliases in your profile), and I'll put money down on you running a trojaned sudo or gksu before discovering what happened. It's all about trust.
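
The PATH and alias trick raised in the comment above can be checked for from the defender's side. The following is an added example, not part of the thread: a POSIX shell audit that reports privileged commands resolving to a copy inside the home directory and lists profile lines worth reviewing. The function names and the list of profile files are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit a session for a home-directory copy of sudo/gksu/su
# taking precedence on PATH, and for profile lines that could arrange it.

# shadowed_commands PATH_STRING HOME_DIR CMD...
# For each CMD, find the first executable match on PATH_STRING (what the
# shell would actually run) and print it if it lives under HOME_DIR or in
# a relative/empty PATH entry.
shadowed_commands() (
    path_str=$1 home=$2; shift 2
    set -f                      # no globbing while splitting PATH
    IFS=:
    for cmd in "$@"; do
        for dir in $path_str; do
            [ -n "$dir" ] || dir=.          # empty entry means current dir
            [ -f "$dir/$cmd" ] && [ -x "$dir/$cmd" ] || continue
            case $dir in
                "$home"|"$home"/*) printf '%s\n' "$dir/$cmd" ;;
                /*) ;;                      # absolute path outside home
                *) printf '%s\n' "$dir/$cmd" ;;   # relative PATH entry
            esac
            break                           # later copies are never reached
        done
    done
)

# suspicious_profile_lines FILE CMD...
# Print (with line numbers) alias or function definitions for the given
# commands, plus every PATH assignment, so a human can review them.
# PATH assignments are normal in profiles; the point is to read them.
suspicious_profile_lines() (
    file=$1; shift
    [ -r "$file" ] || exit 0
    names=$(IFS='|'; printf '%s' "$*")      # e.g. sudo|gksu|su
    grep -nE "^[[:space:]]*(alias[[:space:]]+($names)=|($names)[[:space:]]*\(\)|(export[[:space:]]+)?PATH=)" "$file" || :
)

# Audit the current session (profile file list is an assumption).
shadowed_commands "$PATH" "$HOME" sudo gksu su
for f in "$HOME/.profile" "$HOME/.bashrc" "$HOME/.bash_profile"; do
    suspicious_profile_lines "$f" sudo gksu su
done
```

Any path printed by `shadowed_commands` is the binary the shell would run in place of the system one, so it should be inspected before the next privileged command is typed.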
