New Mac OS X Trojan Horse found in Pirated iWork ’09 software
Attention cheapskates and software pirates! At least 20,000 people have downloaded a pirated copy of iWork 09 from BitTorrent sites containing a malicious Mac Trojan Horse virus, according to security software maker Intego. Upon installation, the OSX.Trojan.iServices.A Trojan Horse, which stows away inside the cracked iWork 09 package, gains read-write-execute permissions for root, and then allows for a malicious user to connect to the Mac remotely. From Intego:
Exploit: OSX.Trojan.iServices.A Trojan Horse
Discovered: January 21, 2009
Risk: Serious
Description: Intego has discovered a new Trojan horse, OSX.Trojan.iServices.A, which is currently circulating in copies of Apple’s iWork 09 found on BitTorrent trackers and other sites containing links to pirated software. The versions of iWork 09, Apple’s productivity suite, are complete and functional, but the installer contains an additional package called iWorkServices.pkg.
When installing iWork 09, the iWorkServices package is installed. The installer for the Trojan horse is launched as soon as a user begins the installation of iWork, following the installer’s request of an administrator password (in older versions of Mac OS X, 10.5.1 or earlier, there will be no password request). This software is installed as a startup item (in /System/Library/StartupItems/iWorkServices, a location reserved normally for Apple startup items), where it has read-write-execute permissions for root.
The malicious software connects to a remote server over the Internet; this means that a malicious user will be alerted that this Trojan horse is installed on different Macs, and will have the ability to connect to them and perform various actions remotely. The Trojan horse may also download additional components to an infected Mac.
Obviously Intego suggests running their VirusBarrier software (with the latest virus definitions) to catch the Trojan, but we just recommend you actually pay for the real iWork 09 software.
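A check for the two artefacts the advisory names, the startup item path and the extra iWorkServices.pkg inside the installer, added here as an example (it is not Intego's or this site's code). The function names, the `--scan` switch and the ROOT argument, which lets the check run against a mounted backup or disk image instead of the live system, are assumptions of this example.

```shell
#!/bin/sh
# Added example: look for the artefacts described in the Intego advisory.
# Paths and package name come from the advisory; everything else is illustrative.

STARTUP_REL="System/Library/StartupItems/iWorkServices"  # startup item location
PKG_NAME="iWorkServices.pkg"                             # extra package in the installer

# check_startup_item [ROOT]
# Returns 0 and prints owner/mode details if the startup item exists under ROOT
# (default "/"), 1 if it is absent.
check_startup_item() {
    root="${1:-/}"
    item="${root%/}/$STARTUP_REL"
    if [ -e "$item" ] || [ -L "$item" ]; then
        echo "FOUND startup item: $item"
        ls -ld "$item"                         # confirm owner and rwx bits
        find "$item" -type f -exec ls -l {} \; # record contents for the incident notes
        return 0
    fi
    echo "not present: $item"
    return 1
}

# check_installer DIR
# Returns 0 if anything named iWorkServices.pkg (any case, file or bundle)
# sits inside the installer directory, 1 if not, 2 on a bad argument.
check_installer() {
    dir="$1"
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    hits=$(find "$dir" -iname "$PKG_NAME" -print 2>/dev/null)
    if [ -n "$hits" ]; then
        echo "FOUND extra package in installer:"
        echo "$hits"
        return 0
    fi
    echo "no $PKG_NAME under $dir"
    return 1
}

# Optional entry point: sh check.sh --scan [ROOT] [INSTALLER_DIR]
if [ "${1:-}" = "--scan" ]; then
    check_startup_item "${2:-/}"
    if [ -n "${3:-}" ]; then check_installer "$3"; fi
fi
```

Running the installer check on a downloaded package before entering an administrator password catches the bundled package before anything is written to the startup items directory.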
Reminds me of why you should not pirate. And let’s face it, iWork is by no means expensive. But I find it astonishing that 20000 people downloaded it… probably an interesting stat for Apple planning guys.
BAHAHAHAHA. Brilliant, download it from a torrent site when you can download THE EXACT SAME THING directly from Apple. No, really. You can get the demo from the torrent, or from Apple.
The only extra thing the torrent has is… a serial number.. well, apparently a trojan too. 🙂
good thing I pay for my Apple Software…
iWork is £69 compared to MS Office which is £109! So why don’t you buy it! Even though if you have a copy they are not key locked so you can use it if you have 2 machines!
Heed the warning. Pay for software, or this will be like Windows soon.
Good thing 3rd party developers make great apps that are reasonable.
Apple obviously expects some piracy, but at the same time, I don’t think they planned for it to be on such a scale. I agree with Steiner, it’s astonishing that so many people pirate this software.
Of course Apple still benefits from having market-share in the Office suite area, but they can’t gain further revenue in this area once someone has the software on their Mac.
The thing that doesn’t make sense to me is why Mac owners would not be able to afford to buy iWork if they have tested it for the trial period and then actually find a need for it. It’s not expensive. If you can afford a Mac, you can afford to buy some software. I happen to just about manage to afford a Mac, I’m not rich, but I buy my software if I find I need it.
I wouldn’t be surprised if Steve made the torrent himself…
Take THAT pirates!!!
Go figure, being cheap comes with a price
@Kyle B I was thinking the same thing.
How stupid, I bought the real deal but you can get a serial off any random site on the internet… just plain stupid… stupid people attract stupid problems
Why would you pay for iWork when openoffice is free? And more functional – I don’t see anything resembling oo base (or ms access, if you’re more familiar with that) in iWork, and that’s the tool I use most from it.
Arrgh. No “edit comment”??? I was *thinking* “steal iWork” but wrote “pay for iWork”. If you’re too cheap to buy iWork (or need a database tool :-), just use openoffice.
And people wonder why I don’t pirate things. You have what’s coming to you.
I mean, there is no key so you could buy it with a friend and split the cost. Yes, still illegal, but at least you are buying it right?
Well, you get what you earn … ; )
One of the pluses for me buying a Mac was that viruses were few and far between, in fact (trying not to sound like the Mac newbie I am) I thought they were pretty non-existent.
I can’t believe some bloody idiot would try to ruin one of the main things that made me respect the Mac.
I curse you and your children.
On the other hand I don’t use this particular piece of software, so it doesn’t really affect me, all the same though eh!
Kyle B and ghall – putting a Trojan horse in the wild is in fact illegal and would cause the perpetrator to serve jail time in the USA. Are you saying you believe Steve Jobs to be a criminal?
So does this work true even if you downloaded the trial from Apple’s official site, I’m puzzled…
@ Christophear
Short answer: no. This “problem” only affects those who download it from the torrent sites. Go to Apple’s iWork page and download the demo from there if you want to give it a try. Best way. If you like it, buy it.
Trojan removal available at Secure Mac – http://macscan.securemac.com/files/iWorkServicesTrojanRemovalTool.dmg
I do not pirate stuff, but I’m hearing more and more about new Mac viruses. Are there any good free Mac virus protectors I can get?
Why is it that we only find out about supposed Mac viruses or malware from companies who sell virus removal software?
Intego is probably the source of the virus.
A way to fight this is to pledge never to buy security software from the company who “discovers” the existence of a virus.
What I don’t understand is why people don’t just download the FULL trial version of this software and then find a working serial or patch/k -_-