Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

iWork '09 Torrent Carrying OS X Trojan

gkarris said:
and starts the onlsought of Mac viruses....
Click to expand...

NOT a virus. Trojans are trivial to write. All you do is write something that does X and tell everyone that it does Y. If you want to not be caught quickly then you make it do the advertised job but just add that "extra" function.

For example that "free porn downloader" who's real function is to scan your disk for passwords and credit card info would trick a lot of people if it really did happen to deliver some porn.

All this guy did was go and get a real copy of iWork and then add one small extra bit to it. The user thinks he has the real deal because it works just fine.

The ONLY way to defend against these kinds of attacks is to set up a "store" like the iPhone uses and make that the only source of software and even then it can't really work because a Tojan writer uses a delayed "time bomb". So the people who test the software and approve it to go into the store don't see the "extra function" because it is disabled until some future date.

The guys who did this iWork trojan were not smart enough. By not using the time delay they were caught early and only 20K or so copies got distributed

Anyway down loading iWork from a bit torrent is is dumb. Apple has iWork available on their own web site. Down load it from there if you want a copy.



i have been a mac user for many years and have never even put any thought towards purchasing an antivirus software. Does anyone recommend a specific one. I might as well secure my machine just in case.
Click to expand...

Like I wrote above: this is NOT a virus. It was just a program that was "mis-labled" The cover said <goodthing> but inside was <bad thing>. Anti-virus software can NOT stop you from intentionally installing what you think is <good thing> The ONLY thing that can save you is to get your software from a trusted source.
 
benthewraith said:
I find your use of the word derogatory and inflammatory. You make it sound as they are subhuman wretches who board ships and plunder them for their riches, kill their crew, and use those ships to further commit acts of criminal influence.
Click to expand...

That's about right, in terms of moral equivalency. Except, they're too lazy to get a boat so they make do with being parasites on people trying to make a living with their work.
 
ChrisA said:
The guys who did this iWork trojan were not smart enough. By not using the time delay they were caught early and only 20K or so copies got distributed
Click to expand...

Actually according to my latest counts by browsing some torrent sites that number is closer to 100k now. There are also still thousands of people currently downloading this despite warnings in the discussion threads associated with the torrent download.

While it is easy to criticize people in this incident, it would be just as easy for a hacker who gained access to a software developer's website to hide the trojan in an otherwise legitimate piece of software.

Lets also not forget the true victim here, the poor person who runs the server that is getting attacked by this mac botnet.
 
I've just got used to the whole not having to use virus protecter thing. I would be annoyed to have to go back.
So for my piece of mind, am I right in believing that if you didn't illegally download iWork you are perfectly safe, and that there is nothing to see here?
 
AmbitiousLemon said:
Actually according to my latest counts by browsing some torrent sites that number is closer to 100k now. There are also still thousands of people currently downloading this despite warnings in the discussion threads associated with the torrent download.

While it is easy to criticize people in this incident, it would be just as easy for a hacker who gained access to a software developer's website to hide the trojan in an otherwise legitimate piece of software.

Lets also not forget the true victim here, the poor person who runs the server that is getting attacked by this mac botnet.
Click to expand...

They must be getting real desperate. I bet they hope no one ever finds out the truth or where they hide or ****** will be all over the fat asses! And you know who you are!
 
AmbitiousLemon said:
Some sensible precautions mac user can take:

Anti Virus
Clam AV is the gold standard in protecting *nix systems. It is free and open source and delivers superior protection compared to commercial anti-virus applications. Its only real failing is an ugly UI. Be sure to set it to update its virus definitions on a schedule. There is little need to have it scan your whole computer (this would slow things down considerably), just make sure it is set to scan you desktop, downloads, and email. It also comes with a contextual menu item so you can right click and tell it to scan things (this would be helpful when borrowing thumb drives).

Firewall
Be sure to turn on a firewall. Your Mac has one built in that you can turn on and manage easily using your system preferences. If you use a router to connect to the internet it also has a built in firewall that is probably off by default.

Non-Admin Account
By default your user account on your Mac is an administrator account. It is a good idea to create a second account as an administrator and demote your normal account to not be able to administer the computer. This will cause your computer to prompt you for the admin username and password when performing more invasive tasks such as installing applications. You will never need to actually log in using the admin account.

Little Snitch
Little Snitch is an application that alerts you when any application on your computer sends information out (sort of like the opposite of a firewall). Its a bit annoying at first as you slowly tell it what applications/connections to trust (and no longer alert you about), but eventually you never see it unless something unusual is occurring. Those who have been infected by this current trojan have reported that Little Snitch catches the trojan.
Click to expand...
Thanks.
 
Rodzirra said:
Right. And sometimes it just can't be had.

If you wants something, earn it. Don't assume the world exists for your personal pleasure, or the world will show you how untrue that sentiment really is.
Click to expand...

I agree with that for the most part. It all boils down to price. I think Apple has pretty reasonable prices on their software.

Adobe, on the other hand... go figure, they have software activation and serial numbers and all that stuff. If they didn't charge so much for their software to begin with they wouldn't lose so much business to pirated software. (In my opinion).

I'm sure 20,000 downloads is a drop in the bucket compared to the amount of users that download cracked Adobe products.
 
I don't think macrumors.com should provide removal instructions. This is not a virus that will replicate to innocent users machines, it is a trojan that will only effect the pirates, so macrumors.com is helping pirates.
 
SydneyDev said:
I don't think macrumors.com should provide removal instructions. This is not a virus that will replicate to innocent users machines, it is a trojan that will only effect the pirates, so macrumors.com is helping pirates.
Click to expand...

you don't have to endorse piracy to be helpful to some of the mac community...


besides- I was referring more to the USERS of macrumors.com and not the people themselves..

anyone who's infected- do we know yet where it attaches itself, or is that random?
 
Hemingray said:
I agree with that for the most part. It all boils down to price. I think Apple has pretty reasonable prices on their software.

Adobe, on the other hand... go figure, they have software activation and serial numbers and all that stuff. If they didn't charge so much for their software to begin with they wouldn't lose so much business to pirated software. (In my opinion).

I'm sure 20,000 downloads is a drop in the bucket compared to the amount of users that download cracked Adobe products.
Click to expand...


sebgreen said:
Ok , I can undretand maybe getting a pirate copy of adobe creative suit or something like that, it's around £3000 new or something. iWork is £69, pennies compared to some apps, why not just save yourself hastle and buy a kosher copy
Click to expand...

Uhh. Ok. Can I break into your house and just steal a few items as opposed to everything?

Creative Suite > iWork. Last time I checked, you can make more money with Photoshop and InDesign than you can with Pages and Numbers .
Besides, comparing the CS to iWork is like comparing a BMW to a bicycle. You can't afford the BMW, so you aren't entitled to one.
 
Thanks arn for posting removal instructions.

It is good that MR is not judging and treating "Pirates" like the dirty scum of the earth like some people are expressing in this forum. I defy you to prove to me that any of you on here are the saints you claim to be...

I for one DL'd the torrent and just used the SN apple sent for the free trial, seeing as the DL from apple was shaping up to take 4x as long.
I am not infected (thankfully) but am very glad that MR has instructions on how to protect yourself if you are.
 
I'm curious. Would deleting the "iWorkServices.pkg" from the disk image prevent the trojan from being installed, since that has all the trojan stuff in it?
 
People actually use iWork?!?!?! :eek:

Moreover, they don't pay for it? It's hardly extortionate. Last I checked it was about £50 iirc, which imho is a reasonable price to pay for an application suite.

I'm not nearly as suprised that someone patched an installer to iWork 09 as I am how many people downloaded it! Yowser!
 
I downloaded from the thepiratebay and It is not in the location that its reported to be in. I would assume that I am safe, What do you think?
 
what about them who have done nothing wrong?

A lot of people seem to have the attitude that "serves them right" or "karma is a bitch" or that macrumors should not provide instructions on how to remove the virus. But you do know that it's not illegal to download copied software for personal use from the internet in some countries? My point is just that not everyone who has downloaded the torrent has done anything wrong, so why all the negative responses?
 
hene01 said:
A lot of people seem to have the attitude that "serves them right" or "karma is a bitch" or that macrumors should not provide instructions on how to remove the virus. But you do know that it's not illegal to download copied software for personal use from the internet in some countries? My point is just that not everyone who has downloaded the torrent has done anything wrong, so why all the negative responses?
Click to expand...

Why? The preview version was available on Apple's website ? Were you trying to keep from paying for it ?
 
it can be wrong without being illegal

hene01 said:
But you do know that it's not illegal to download copied software for personal use from the internet in some countries? My point is just that not everyone who has downloaded the torrent has done anything wrong, so why all the negative responses?
Click to expand...

I would argue that it's wrong to download copyrighted material that a company normally sells.

Even if some countries don't make it illegal, you are still getting the benefits of the product without helping to support the manufacturer.

Whether you torrent, or "borrow" someone's DVD and serial number, or whatever - it's not right.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back