Surprise, Mac users! Pirated iWork download contains a trojan
While it may not be the specific torrent in the screenshot, Mac users may want to stay away from any iWork downloads until there's a bit more information available. Intego, who develop security applications for Mac, report that more than 20,000 people have already downloaded the infected torrents.
The trojan installs as soon as a user begins installing iWork, and then sends a notification to a remote server to announce a new host. It also installs into /System/Library/StartupItems/iWorkServices with full permissions to read, write, and execute.
Yes Windows users, I can hear you snickering.
Nevertheless, this should serve as another reminder to all of us: be careful what you download, especially if it's from an unknown or untrusted source.
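A defensive check for the install location described above, as an added example that is not part of the original article. The item name and default directory come from the article; reading "full permissions" as world-writable mode bits, and the helper names `audit_startup_items` and `make_sample`, are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the article): audit a StartupItems directory.
# IOC_NAME and the default directory are taken from the article text;
# reading "full permissions" as world-writable mode bits is an assumption.

IOC_NAME="iWorkServices"

# audit_startup_items DIR
# Prints "<REASON> <path>" for each suspicious entry; silent when clean.
audit_startup_items() {
    dir=$1
    [ -d "$dir" ] || return 0   # directory absent: nothing to report

    # 1. An entry with the name the article reports.
    if [ -e "$dir/$IOC_NAME" ]; then
        printf 'KNOWN-NAME %s\n' "$dir/$IOC_NAME"
    fi

    # 2. Anything under DIR that every local user can modify. Startup items
    #    run as root at boot, so a world-writable one is a privilege risk
    #    whatever its name.
    find "$dir" -mindepth 1 ! -type l -perm -0002 2>/dev/null |
        sed 's/^/WORLD-WRITABLE /'
    return 0
}

# make_sample: builds a constructed directory tree (not real system data)
# with one item shaped like the report and one benign item; prints its path.
make_sample() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/$IOC_NAME" "$root/BenignItem"
    printf '#!/bin/sh\n' > "$root/$IOC_NAME/$IOC_NAME"
    chmod -R 777 "$root/$IOC_NAME"
    chmod 755 "$root/BenignItem"
    printf '%s\n' "$root"
}

# Audit the directory given as the first argument, or the article's path.
audit_startup_items "${1:-/System/Library/StartupItems}"
```

No output means neither condition matched; a match is a reason to inspect the item, not proof of infection on its own.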

Reader Comments (Page 1 of 1)
Thanh Nguyen said 8:09PM on 1-22-2009
Isn't that what you get for downloading pirated software?
Remember, the problem is between the keyboard and chair.
Victor Agreda, Jr. said 9:31PM on 1-22-2009
Awesome.
Cameron said 8:15PM on 1-22-2009
Mac Users... HAHAHAHAHA
Mike said 8:28PM on 1-22-2009
> Yes Windows users, I can hear you snickering.
Snickering? Heck, I actually laughed out loud!
jacob said 10:48PM on 1-22-2009
>>Nevertheless, this should serve as another reminder to all of us: be careful what you download, especially if it's from an unknown or untrusted source.
How about, "Nevertheless, this should serve as another reminder to all of us: don't steal stuff."
Although pirating software is easier to get away with than, say, robbing a bank, it certainly isn't any less illegal (or stupid).
dano272 said 10:54PM on 1-22-2009
"Macs are getting more popular, so it stands to reason that we're going to start seeing more of this"
Oh - so the whole reason macs are impervious to viruses is because they're just not popular enough? That makes sense. Kinda the same reason ugly chicks don't get herpes?
Lee Mathews said 10:56PM on 1-22-2009
I think it's pretty widely accepted that malware development for Mac is what it is because of Apple's relatively small market share.
Makes sense to me, anyway.
kojo87 said 1:19AM on 1-23-2009
yeah makes perfect sense. why bother writing a virus if it's not going to infect many computers.
does this mean Apple is going to make its own anti-virus and charge some outrageous price for it?
ronmoses said 2:54PM on 1-23-2009
Absolutely. It's called "security by obscurity" and it's widely acknowledged as the primary reason for the low number of Mac viruses/trojans/malware. This doesn't mean Macs aren't secure, and it's not a jab at Apple, it's just a simple statistical truth.
Fozzy Bear said 10:12PM on 1-22-2009
keep in mind... the only reason this works is because the user acknowledges and gives permission via password authentication that this installer can have read/write access to install iWork and the Trojan... otherwise, it's DOA just like anything else they try to sneak into a Mac.
blah said 10:32PM on 1-22-2009
also keep in mind that from Vista forward, even if you are logged on as administrator a UAC prompt would come asking the user to allow any installer to continue. BUT, windows users seem to consider clicking "Continue" or "allow" a nuisance before installing programs whereas mac and linux users flaunt entering their password before installing programs as a security feature (UAC and sudo have the same idea, different style of implementation. personally, i like sudo better but UAC also works for stopping trojan installers such as these.)
Jash Sayani said 4:27AM on 1-23-2009
Just check the reputation of the uploader ! As simple as that!!
BTW, I can't believe that people are keeping so close watches on torrent sites....
abdar said 8:16AM on 1-23-2009
Lol, yes we can hear you windows users snickering...but during all that, your pc has probably downloaded 5 viruses and crashed
Stuart Halliday said 10:59AM on 1-23-2009
I'm a Windows IT administrator.
Will dumb Windows users repeat 100 times: A Trojan is NOT a Virus.
Anyone can write a Trojan. It's just a program within a program after all.
I've yet to see a Virus reported running on a Mac.
i.e. A Virus is a program that uses exploits in a computer's OS to reproduce itself unknowing to the user.
:-)
meGrimlock said 3:10PM on 1-23-2009
you're forgetting a widely accepted definition includes the ability to spread from computer to computer, albeit by p2p or not. and yes i'm laughing too
Stuart Halliday said 6:16AM on 1-24-2009
Strictly speaking a Trojan is a form of malware that appears to perform a desirable function but in fact performs undisclosed malicious functions that allow unauthorized access to the host machine.
Viruses are sometimes confused with Trojans, which are technically different.
Trojans need a human to reproduce, a virus doesn't.
Kali4 said 1:41PM on 1-27-2009
Apple had the very first virus (in the wild): Elk Cloner
John said 8:19AM on 1-24-2009
What the brief article did NOT mention and many of the commenters may not be aware of, is that this vulnerability not only puts the Mac user that downloaded the pirated software at risk, but the trojan itself is designed to set up a botnet to use those computers as slaves to the master's whim. I'm ALL for wagging my finger and saying "shame shame... " to those who download pirated software when there's a perfectly good trial version available for 30 days from the source. And if something bad should happen to their system as a result of their thievery, then so be it. However, this was used as a weapon against an innocent third party. Whoever did this can launch instructions to those 20,000 computers to execute some other dastardly deed against someone (or some people) who have nothing to do with their software or P2P networks, etc...
How do I know this? I was actually the victim of a DDOS attack from those 20,000+ computers that nearly put an end to my business by crippling our host's servers and pushing our bandwidth over 600Gb within a week's time and sending millions of bot "visits" to our www.DollarCardMarketing.com site. We have no way of knowing whether the coder had something against us, or we were just a randomly picked "test" site, or if someone hired them to write and distribute it. A more comprehensive article was written and is being followed up on at the Washington Post: http://voices.washingtonpost.com/securityfix/2009/01/pirated_iwork_software_infects.html?hpid=sec-tech
Be safe!
Best Regards,
John