Intego: Pirated iWork ‘09 Hides Trojan


Mac users hoping to download pirated copies of Apple's iWork '09 may get more than they bargained for thanks to a Trojan Horse that's embedded in versions of the app suite available from BitTorrent sites. According to the security company Intego, the Trojan Horse installs an application that could allow an attacker to remotely perform actions via the Internet on the user's Mac.

The Trojan, dubbed OSX.Trojan.iServices.A, is included as a payload in otherwise normal iWork installers, so users may not be aware that they have also installed malicious code on their Macs. Users who have downloaded and installed a pirated version of iWork '09 can check for an item named iWorkServices in /System/Library/StartupItems. iWorkServices is the malicious payload that is installed along with iWork.
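The check described above, as an added shell example (not from Intego or the original article): it looks for the startup item on the running system or on a mounted volume root passed as an argument. Only the directory and the name iWorkServices come from the article; the function names and the mounted-volume use are assumptions made for this example.

```shell
#!/bin/sh
# Added example: look for the startup item named in the article.
# The directory and item name are from the article; the rest is illustrative.

ITEM_NAME="iWorkServices"
STARTUP_DIR="System/Library/StartupItems"

# check_volume ROOT
# Returns 0 if the item is present under ROOT, 1 if absent,
# 2 if the StartupItems directory under ROOT cannot be read.
check_volume() {
    root="${1%/}"                      # "/" becomes "", so paths stay clean
    dir="$root/$STARTUP_DIR"
    if [ ! -d "$dir" ] || [ ! -r "$dir" ]; then
        echo "cannot read $dir" >&2
        return 2
    fi
    # Match regardless of case: a disk copied to a case-sensitive
    # filesystem may not preserve the behaviour of the original volume.
    hits=$(find "$dir" -maxdepth 1 -iname "$ITEM_NAME" -print)
    if [ -n "$hits" ]; then
        echo "FOUND under ${root:-/}:"
        # Show owner and modification time for the incident record.
        echo "$hits" | while IFS= read -r p; do ls -ld "$p"; done
        return 0
    fi
    echo "not found under ${root:-/}"
    return 1
}

# scan_volumes ROOT...
# Checks every root given; returns 0 if any of them has the item, else 1.
scan_volumes() {
    found=1
    for v in "$@"; do
        check_volume "$v" && found=0
    done
    return "$found"
}

# Run only when roots are given, e.g.:  sh check.sh /  /Volumes/Backup
if [ "$#" -gt 0 ]; then
    scan_volumes "$@"
    exit $?
fi
```

A "not found" result only says this one indicator is absent from the volumes checked.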

OSX.Trojan.iServices.A is not a virus and requires user interaction for installation. The best way to avoid installing malicious applications on your computer is to avoid pirated software, and to stay away from software sources that aren't trustworthy -- like warez and pirated software Web sites.


Comments

Josh

Now THIS is useful security information.  A legitimate, novel exploit that targets the mac and that users need to be aware of. 

That said, I believe that you get what’s coming to you if you download a bootleg copy of iWork.

Lee Dronick

The question still remains “What is OEM?”

I have that phrase set to flag an email as spam.

vasic

This will affect only a minuscule percentage of Apple’s user base. Unlike in the Windows world, where the vast majority of PCs contain pirated software (often more than 50% of it is illegal), where potential damage from these torrents with trojans is far greater, Mac folk seem to be much more responsible.

What’s rather ironic is that the trojan authors chose to deliver their malware using the ONE software package that can be downloaded directly from Apple, in its entirety, as a full working version! All you need is a serial number to remove 30-day limit. I wonder who in their right mind would actually look to download iWork 09 from some bit-torrent site when they can get the real thing directly from Apple?

black beard

I don’t need iwork cause i got a pirated copy of Microsoft Office lol! I even downloaded Leopard and it even gets the updates! ROFL!

daemon

“PCs contain pirated software (often more than 50% of it is illegal)”

Exactly where are you getting your numbers?

vasic

They may be somewhat stale, but I remember seeing them in some BSA statement not long ago. The numbers are lowest in the US and go up in Canada, EU, reaching practically 100% in the developing world (if you don’t count free software).

and to Black Beard:

What you did is called theft. In Windows world, you’d probably need to go through some song-and-dance routines in order to circumvent various layers of copy protection. In the world of Mac, for the most part, a serial number is the only thing (other than bad karma) between you and the fully-working software. Some of Apple’s own software (iLife, as well as Mac OS X itself, and now disc versions of iWork 09) don’t even have the serial number. Apple has FAITH in their users.

brett_x

black beard- just call yourself “troll” next time and save me the trouble of suggesting it.

vasic- I think the answer to your question is: They don’t want a 30 day limit.

Sir Harry.. um… what the heck are you talking about. Did you post in the wrong article?

Josh- I second your post. Especially the second part.

Lee Dronick

“Sir Harry.. um… what the heck are you talking about. Did you post in the wrong article?”

Pirated software. I get a lot of spam for OEM software and a link to some website where I can buy Creative Suite or whatever for $5.00

daemon

OEM means Original Equipment Manufacturer

OEM software then is software that is from the Original Equipment Manufacturer. OEMs are companies like Lenovo, Dell, HP, Apple, and just about any other company that builds computers for sale on the retail market. Microsoft sells OEM versions of their software to these OEMs at a significant discount compared to their retail versions of the same software. For instance an OEM version of Microsoft Vista Ultimate with Service Pack 1 will sell for about $185. Whereas the retail version of Microsoft Vista Ultimate with Service Pack 1 goes for $320.

Companies sell OEM versions of their software to wholesalers, and the wholesalers are supposed to sell only to manufacturers or retailers, however most wholesalers get away with selling to the general public as well. Examples of some wholesalers who sell to the general public are Tigerdirect, ZipZoomFly, and CDW.

Lee Dronick

“Examples of some wholesalers who sell to the general public are Tigerdirect, ZipZoomFly, and CDW.”

The spam I have been receiving is not from those legitimate dealers, I am not going to give a spammer my credit card number. These emails are mostly the same, the same body copy, only the From email address and the link URL changes.

My point is that these dubious dealers could just also put a trojan into the software package.

Microsoft lists some approved OEM resellers.

geoduck

There’s part of me that has little sympathy for the people that download pirated software and get malware along with it. I compare it to the junkies that complain that the illegal drugs they bought from some guy in an alley weren’t quality stuff. That’s what you get for dealing on the black market, moron.

On the Other Hand

I don’t like it when anyone gets an infection. An application that “could allow an attacker to remotely perform actions” could be used to push out worms, keyloggers, and such across their network and cause a world of hurt, not to mention a lot of unnecessary work for those of us who have to clean up the mess.

Yes <sigh> OK I’ll save your @** again. Unfortunately to get rid of this I’m going to have to do a format and rebuild. You don’t back up your data? Well I guess that’s the second lesson you’ve learned the hard way.

chuffy

this is total scaremongering bull! i have said pirated iwork 09 and there is no trojan or anything remotely like it in this package. Maybe i’m just lucky lol…..i tell you one thing though all my software for the mac is pirated including the OS. Free is nice! if u want to pay for it then that’s your problem, all i know is i get the pirated software as soon as it’s released and it costs me nish! how do you like them apples?

geoduck

Hey whatever floats your boat, but somebody has to pay for developing quality software or soon there won’t be any out there. Coders have to eat too.

Lucky? or maybe you just don’t know what to look for.

vasic

Well, I wouldn’t say “whatever floats your boat”. What our chuffy friend is doing here is basically criminal and against the law in pretty much any jurisdiction on this planet. He is illegally obtaining something which isn’t his, without paying for it. Theft is theft, no matter how you slice it. Having a pirated OS, iWork and “all other Mac software” means that this person stole probably hundreds of US dollars’ worth of software. In other words, he stole an equivalent of an LCD TV, or a 10-year old car, or some poor woman’s purse with a wallet and an iPhone inside… No difference.

How about them apples now?

zewazir

Ditto vasic, but with one addition:

Any and all draconian anti-piracy measures out there which make it difficult (or impossible) to legitimately make backup copies of music, videos, software installers, etc. are due to chuffy types.

For instance, I purchase a DVD - or set of them - like all seasons of Stargate SG-1 - a pretty hefty investment.  (Ok, ok, my taste in programming is not the issue!!)  Because of security measures - the need of which was brought about by pirates - I cannot make a backup, like I used to do when buying VHS movies.  Sure enough, one of my SG-1 DVDs has gotten damaged, and I will probably have to buy the entire season again to get it back.  So I’m out another 30-40 bucks, in addition to the extra I paid for the original set that was tacked on to offset piracy.

geoduck

I agree, it is wrong, it is theft, it is criminal. Telling that to a burglar or your average car thief has no impact either. My point was that it’s just a really bad idea. If everyone stole whatever they wanted, then there would be no new software made. Insanely Great costs a lot to develop. If you want good software tomorrow, then pay for it today. Where do maladroits like chuffy think the money to write new code comes from?

Of course chuffy is likely too dumb to know if he IS infected or not.
