iWork '09 trojan infects 20,000 pirates

Karma, no matter what you do it will come back to bite you where it hurts the most. Up to 20,000 pirates who thought they would get away without paying for iWork '09 have learned that the hard way.

A recent copy of iWork '09 was leaked to the web but contained a free bonus add on, a virus called OSX.Trojan.iServices.A. This virus does the nasty work of installing itself in the startup as root. It then goes on and broadcasts its location and allows for malicious users to take over your Mac and install anything they want and modify files already on your computer.

It goes without saying that people who stole this software will probably have a hard time removing the malicious program because of that nature it was installed. Karma has certainly come full circle to those trying to pirate software.

Report a problem with article
Previous Story

Sony cuts 16,000 jobs and reports net loss

Next Story

AMD Phenom FX CPU expected in 2009

104 Comments

Commenting is disabled on this article.

At this point I'd like to point people here:

OS X Leopard - Technology - Security

At NO point does that site say OS X is virus free. If YOU have made the assumption that OS X is virus free out the box that is YOUR mistake.

What OS X does do is:
a) scan every item that is downloaded for a program
b) require admin login for installation of all applications or access to system files (inc malicious programs)

Unfortunatly Apple nor Microsoft can stop user stupidity, but by providing the user with prompts asking for username & password's they can hopefully help users to make informed decisions.

And just to clear things up. I like both my PC & Apple as much as each other, they both have their places for my work. But isn't is funny how Microsoft blatently ripped off OS X/Linux's prompting for installation of items/opening of programs & turned it into something "New" ie UAC.

Thats my 2cp worth.

this here ladies and gentlemen is a clear example that always the free alternative is better...much much better.
you dont have to pirate any software in linux.. cuz almost all software in linux is free and very decent alternatives to paid software. plus obviously you are very safe from virii and hackers when you use linux.
(but obviously not virus and hacker proof--like for any system. although very close to that)

but yeah.. that showed em mac elitists!! muhahaha.

Lol at the Windows users who treat this as the ultimate proof that Mac OS sucks. OMG Mac has a trojan! I told you it sucks... Meanwhile Windows viruses/trojans don't even make the news anymore, because it's not news.

Disclaimer: I use Windows. I hate Mac elitist. But that had to be said.

It's about time pirates got what they deserve though you'd think they would try this on a product that would actually be in demand.

So, would it be illegal for a company to install a virus or many viruses into a program which would be activated with specific illegal keys that said business leaks out over the internet? If so, why?

It could "almost" say something about it in the softwares 400 page EULA.

Nobody should say Mac's don't get viruses/trojans. Because that's just tripe.

If I remember correctly the first major virus was a Mac virus. So the whole idea of a virus was propelled into the open by a Mac exploit.

It's all about market share - anyone with half a brain would know. Why would someone bother creating a virus for a Mac? It wouldn't affect that many businesses or people.

jamesyfx said,
Nobody should say Mac's don't get viruses/trojans. Because that's just tripe.

If I remember correctly the first major virus was a Mac virus. So the whole idea of a virus was propelled into the open by a Mac exploit.

It's all about market share - anyone with half a brain would know. Why would someone bother creating a virus for a Mac? It wouldn't affect that many businesses or people.

There are still ZERO self-replicating, self-installing viruses in the wild for OS X. And OS X is not the same as the old Mac OS.

The more times you say that LTD the more ridiculous it gets.

Note: There are also ZERO self-replicating, self-installing viruses in the wild for all version of Windows....

If it self replicates it would be known as a worm.

Some of those pirates may have had a brain and used an anti-virus program even though they were using an "untouchable" OS and thus not been infected.

GreyWolfSC said,
Some of those pirates may have had a brain...

Not likely. Otherwise they'd have downloaded the trial from Apple website and just pirate a serial number.

"I've had 1 virus ever and that was the Blaster worm(WindowS) was unavoidable at the time unless you had a router in place" LOL thats B/S Ms issued an update for windows months before the blaster worm hit, it was users who didnt keep their systems updated who got infected.

xSuRgEx said,
"I've had 1 virus ever and that was the Blaster worm(WindowS) was unavoidable at the time unless you had a router in place" LOL thats B/S Ms issued an update for windows months before the blaster worm hit, it was users who didnt keep their systems updated who got infected.


The same was true with Code RED.

The exploit that the CR worm used was patched back with NT 4 Service Pack 6 (and Windows 2000 Service Pack 1); Windows XP (which was in beta at the time) was actually immune. At the time, I was working in Customer Support for the broadband division of the Big Cable Company, and CR was a real Pain In The Rear for us in support (not just because we had to direct users on how/where to get the appropriate patches, but because we as a company were changing over from NT 4 Workstation to 2000 Professional, and some of us had just gotten used to NT4's quirks). However, kudos to Inside Technical Support; not so much as *one* of our demo machines (mostly running Windows 2000 Professional) ever got infected.

Anti Virus or no Anti Virus software, The only thing I find that beats this sort of crap is the End user.
I always fix PC's they always have AV software, Yet some how end up mangled with spyware and other junk, Virus's, Trojans etc.
So Anti Virus software doesn't protect you that much. In fact I'm pretty sure I could run windows or OSX with out AV and be fine. I done that whilst testing Vista beta a while back for near 6-8months. All fine.
The computer(MAC no wait sorry that should be Mac! or PC) is only as safe as the monkey using it. Because 90% of all the Virus's etc you get on a PC are installed by the end user. I've had 1 virus ever and that was the Blaster worm(WindowS) was unavoidable at the time unless you had a router in place. Which at that time weren't so popular for the home user. The best Anti Virus software = Educated End User. Then Both O/S's would be as immune as each other!

... not that the original posts are any better. This was a sad thread to read. Most don't even know what a virus is, and are more interested in attacking Macs because "Mac users attack Windows". Damn kindergarten. Aren't we better than this?

Yeh its making me laugh too =D
"oh but the user chooses to install it" then they deserve it lol
The lure of free (think Bonzi Buddy) gets people to install anything. Thats why mac users MUST run AV software. Because your gullible enough to think that your protected by Lord Jobs.

It is indeed a trojan, not a virus. And that is a huge difference: a virus installs itself behind your back. A trojan not. By entering your admin password you grant access to whatever you install. No OS can protect you from this!

There are still ZERO self-replicating, self-installing viruses in the wild for OS X.

No need to defend the FACTS.

The correct picture for this article which incorrectly states this is a virus. Its a trojan, not a virus. Very different.

Ok, it doesnt matter how easy the virus is to remove...or if it spreads. What matters is this is an example, another one, of people starting to attack Macs more and more. This is how it started with PC viruses. Small and simple and then it grew like crazy. Lots of people didnt have antivirus on their PCs either and they were caught with their pants down. This seems like Deja vu to me.

I posted an article on another thread about a Mac attack in mid 08...I am kinda curious if the economy issues will help spread the attacks on Macs. People are losing money like crazy and need to branch out...im sure there are tons of unprotected Macs with sensitive info...personal or otherwise...hell, spyware would be cool to see on a Mac with all those adverts trying to get you to buy things...and no, I am not Mac bashing....just expressing my opinion...so chill if you are heated

People sit here and argue about this crap day after day... and where does it get anyone? i never see anyone fight like this about other things. do people go into kitchen forums and say things like "well a whirlpool refrigerator keeps my carrots fresher than your terrible GE"..."but GE has sleeker lines"... no, they don't because it gets you nowhere. because no one cares!
it's a freaking computer. it tells time, it brings you to the same internet, they both have a number 7 button.
you give a moron a mac, they'll figure out a way to **** it up... give a nobel prize winner windows, and they'll probably do something great with it... and what do you know? vice-versa...

and what was this written on? does it matter? did it change the content? then it's none of your f-ing business.
thank you, have a nice day

Umm, wow. wookietv, your comment was worse than any Mac vs PC comments I have seen. Step back, take a look in the mirror, think for a sec, and then post again....*shakes head*

I can see wookie's point here. Having a rational discussion or debate that compares operating systems is great, but a lot of people just trade mac/windows insults and it gets old really fast. Use whatever OS works best for you.

/- Razorfold said,
lol LTD and RAID 0 agreeing on a point =P

Who would have ever thought that was possible =P



Oh that's nothing, I even agree with C_guy now and then!

The Ukrainian Hackers disguised it as a gift for the people with uTorrent running 24/7 IIRC. So the people of the warez community accepted it and let it through their firewall (entered their username and password if you will). The trojan then proceed out of the iWork installation files in the night and burned the Mac to the ground.

Surprised nobody has said this sooner...well I haven't seen it as far as I read, maybe half way :P

But trojan...why is it called a trojan? Because it was named after the Trojan horse that entered Troy... the Greeks disguised it as a gift for the end of war IIRC. So the people of troy accepted it and let it through their gates (entered their username and password if you will). The Greeks then proceed out of the horse in the night and burned the city to the ground.

So yes...it is actually a trojan...

Ricky Smith said,
And they say Mac users are bad :-/ Half of the comments are windows users ragging on OS X for getting a virus.

What comes around, goes around.

Ricky Smith said,
I've never seen mac users attack windows as much as windows users attack mac :)

Then you need to get out more often because MAC users are always snobbing that their playschool computer is better then a windows based machine. No matter how you put it MACs were never immune. The fact remains that no one cares enough to write malicious code for a mac because its not worth it. There are a millions PC's to one MAC. Now that someone did everyone is crying because MAC users are like 15 years behind the anti-virus game

And to all the morons who talk about "is it a virus if you allow it to be installed" DUHHHHH think about that. I am pretty sure that when a user clicks a file and the warning box comes to make sure you want to install it, it doesn't say "Warning, you are about to install a virus. Press yes or no."

Its like reading a message board filled with inept retards

Solidstinch said,
Then you need to get out more often

yeah because getting out more often will educate yourself about computers :-P

Windows users always comment on Mac news, they jump on anything because they are jealous.

Coming from a Windows/Mac/*nix user.

The reason Macs aren't as known for viruses isn't just because of the fact that there's less of them out there (hell any code writer would become well known for writing a mac virus since we tout our immunity to viruses.) The fact is that the system Mac OS is based off of is far more secure than Windows in the way its designed.

Solidstinch said,
Then you need to get out more often because MAC users are always snobbing that their playschool computer is better then a windows based machine. No matter how you put it MACs were never immune. The fact remains that no one cares enough to write malicious code for a mac because its not worth it. There are a millions PC's to one MAC. Now that someone did everyone is crying because MAC users are like 15 years behind the anti-virus game

And to all the morons who talk about "is it a virus if you allow it to be installed" DUHHHHH think about that. I am pretty sure that when a user clicks a file and the warning box comes to make sure you want to install it, it doesn't say "Warning, you are about to install a virus. Press yes or no."

Its like reading a message board filled with inept retards

What is a "MAC" do you mean a "Mac"? Really go back to playschool until you can learn the difference between an abbreviation, and an acronym. So you don't make this mistake in the future, an example:

PC is a Personal Computer and can be abbreviated as PC.
Mac is a Macintosh and cannot be abbreviated as MAC because it is not a MAC (which could stand for a hundred different things) but a Mac.

Also, I still do not understand why people waste their time arguing about OS choice. I love my Mac, but I cannot live without Windows either - there both necessary for me to get work done.

Ricky Smith said,
I've never seen mac users attack windows as much as windows users attack mac :)


Microsoft never did a public TV advertising campaign that implies that Mac's get viruses but PC's don't.

Aeonandromere said,

What is a "MAC" do you mean a "Mac"? Really go back to playschool until you can learn the difference between an abbreviation, and an acronym. So you don't make this mistake in the future, an example:

PC is a Personal Computer and can be abbreviated as PC.
Mac is a Macintosh and cannot be abbreviated as MAC because it is not a MAC (which could stand for a hundred different things) but a Mac.

Also, I still do not understand why people waste their time arguing about OS choice. I love my Mac, but I cannot live without Windows either - there both necessary for me to get work done.

Aeonandromere,

LOLOLOL! wait....hahahahaha!

Um.... Mr English major, "there both necessary". Wasn't your post meant to demean Solidstinch for his lack of engrish skillz? "There" is not the word you were looking for, it was "they're" that you needed. Because you were ABBREVIATING "they are" Noob!

Microsoft never did a public TV advertising campaign that implies that Mac's get viruses but PC's don't.

If the tables were turned and Windows was the OS with less virus/trojan exposure, rest assure they would. It's simple marketing. Everyone knows Windows users get more viruses, it's a far more exposed operating system. Apple use that in marketing. There's nothing wrong or weird with that. It's completely natural. Competition. That's an area Mac does much better on.

For example, on the other hand, in the "I'm a PC" ad, Microsoft used the idea that Windows is so well spread throughout the world. Because that's an area Mac still has to catch up in. Competition again.

I'm not sure why this is such a sore spot for Windows users. Windows HAS more viruses than the competition, far more. It's on the order of magnitudes. Why be surprised that this is frequently pointed out by competitors? Microsoft frequently point out that they're the most popular OS in the world. People don't go nuts about that. We know they're right already.

Solidstinch said,
There are a millions PC's to one MAC.

Actually there are just around 95 PC's to one Mac.

Edit: Make that around 10 PC's to 1 Mac... My math sucks.

I thought crapple's Mac OS X was immune to viruses and trojans?

Ooops...Now that Apple has made billions of dollars out of you dumb illiterate mac users, now you realize you've been lied to and tricked again by Steve Jobs and his gang of iTards because you didn't bother doing any research.

Nothing is immune to the user installing things. And lay off the personal attacks. You might try changing your name as well. I'm sure you're at least over 8 years old.

I thought crapple's Mac OS X was immune to viruses and trojans?

No, there has been a proof of concept virus written for OS X before, so in that case you're just uninformed. Also, this is not a virus, it's a trojan.

So many people on Neowin seem to get this wrong. I'm not quite sure how to explain it in simple enough terms, really...

Let's just say it's like a vampire then. According to vampire "laws", you have to invite a vampire to your house for it to enter it. This is the same thing.

No lies. The user can install whatever they want. No one ever said Macs were immune to the user installing suspicious things. That's the whole reason for account permissions in OS X - for years now, and in Linux as well.

Wow, and what about Windows Vista's User Account Control? That protects the user from automatic installs of viruses using their current privileges. Windows 7 has improved with UAC too, so it looks like Mac OS X is equally as secure as Windows and Linux. By the way, Mac OS X has been secure for sometime now because no developer is willing to develop a threat for a less popular platform, they go for the biggest and try to take that one down. Windows Vista is as secure as Mac OS X Leopard and it just gets attacked more, but it has the same concepts of security to protect the user.

Wow, and what about Windows Vista's User Account Control?

Yes, what about it? UAC was designed for Windows because of the tradition of running Windows as administrator, which helped trojans in installing without permission. No one use to deny that, not Mac users either. :S
Windows 7 has improved with UAC too, so it looks like Mac OS X is equally as secure as Windows and Linux.

What?? What does UAC have to do with OS security? It's only there as a safeguard from running executable files, like the password prompts in OS X or Linux when using "sudo". Do you know what a critical remote exploit is? It's something that remotely bypasses UAC or other such mechanisms. And now we're venturing into the realms of failing computer security. Nothing that you said explained how any of these operating systems had worse or better protection against this.

You're just talking of measures to protect users from social engineering attacks, not OS security on a technical level.

Jugalator said,
Yes, what about it? UAC was designed for Windows because of the tradition of running Windows as administrator, which helped trojans in installing without permission. No one use to deny that, not Mac users either. :S

What?? What does UAC have to do with OS security? It's only there as a safeguard from running executable files, like the password prompts in OS X or Linux when using "sudo". Do you know what a critical remote exploit is? It's something that remotely bypasses UAC or other such mechanisms. And now we're venturing into the realms of failing computer security. Nothing that you said explained how any of these operating systems had worse or better protection against this.

You're just talking of measures to protect users from social engineering attacks, not OS security on a technical level.


UAC has everything to do with security, unless rootkits don't count as a security risk.

http://www.neowin.net/news/main/08/05/25/t...-nails-rootkits

I've actually bookmarked this to proove to all those idiots who tell me Macs cannot get viruses!

I work on the technology section at M&S... I may print this out and stick it on the wall above the Macs :P

The difference being that you are required to enter your password in order to install the virus on your mac. On a PC, you normally get the virus while browsing warez sites, long before you even try to install any software.

Doesn't really count if it asks for your permission to install and you type in your password.

Nothing gets on your Mac without it notifying you and asking for your permission, to put it simply.

So no, Macs don't get viruses. Unless you install them. And this kind usually doesn't propagate.

So unless you want to look dumb, don't go sticking anything on any wall. OS X is as safe as it has always been.

cycro said,
The difference being that you are required to enter your password in order to install the virus on your mac. On a PC, you normally get the virus while browsing warez sites, long before you even try to install any software. ;)

Ever heard of UAC?

Edit: Forgot to laugh at Mac users. Hahaha. Ok I'm done.

LTD said,
Doesn't really count if it asks for your permission to install and you type in your password.

Nothing gets on your Mac without it notifying you and asking for your permission, to put it simply.

So no, Macs don't get viruses. Unless you install them. And this kind usually doesn't propagate.

So unless you want to look dumb, don't go sticking anything on any wall. OS X is as safe as it has always been.

http://media.techtarget.com/digitalguide/i.../Misc/uac_2.jpg
Oh look vista confirms things to.

Anyway I find it funny that all the Mac fanboys become very very defensive as soon as another one of their lies that they hide behind to say Mac is better crashes down.

LTD said,
Doesn't really count if it asks for your permission to install and you type in your password.

Nothing gets on your Mac without it notifying you and asking for your permission, to put it simply.

So no, Macs don't get viruses. Unless you install them. And this kind usually doesn't propagate.

So unless you want to look dumb, don't go sticking anything on any wall. OS X is as safe as it has always been.

You seem to so easily forget the massive design flaw that let Safari download and install anything it wanted with root access, without ever even asking the user. If I remember, Apple was notified beforehand of the discovery, and then they did a mass PR cover-up and denial of the incident, which led to many computers being targeted through Safari as a zero-day exploit.

What made matters even worse, is that Apple used deceptive adware tactics to silently install Safari onto Window machines using iTunes. Microsoft had to issue an emergency security bulletin to instruct unsuspecting Windows users on how to find and uninstall Safari, to prevent their computers from getting infected by Apple's debacle of a zero-day exploit.

Yet you have the nerve to post that Apple doesn't get Viruses? At least try to be a fanboy with some credibility.

I'm a happy Windows VIsta user, with UAC, FireFox3 and AVG....

I don't get viruses :P

Again a Virus is an unwaned piece of software, that is install without the users knowledge.

Yes Windows users suffer the most because of 1 main issue, they run as admin. Linux/Mac protect the user because they are not root, unless they type in their password that requires elevated rights.

Just like dumb Windows Users, there are dumb Mac users!

Doesn't really count if it asks for your permission to install and you type in your password.

Exactly. That makes this a trojan, not a virus, since it installs itself only with your permission. Security-wise, this makes a HUGE difference.

It can't replicate itself either. Another property of a computer virus.

LTD said,
Nothing gets on your Mac without it notifying you and asking for your permission, to put it simply.

Hey LTD. You are still running around lying here and there...
How can you say that BS when there are dozens of remote code execution vulnerabilities? Don't tell me you don't know about security holes in Macs.

ataris_kid said,
Ever heard of UAC?

Edit: Forgot to laugh at Mac users. Hahaha. Ok I'm done.


Actually I have. It's the Utterly Annoying Crap that comes with Vista, isn't it?

"You're about to perform an action which requires an Admin confirmation, do you want to continue?"

"Yes."

"OK, now this is the real Admin confirmation you need to do. Do you confirm?"

Soon most people turn it off because it bugs the hell out of them and a turned off protection is no protection at all. It's a lot better in Windows 7, but at the default setting, I didn't get a single prompt while installing several programs, which makes me wonder if it'll warn me if a virus is trying to install.

RealFduch said,
Hey LTD. You are still running around lying here and there...
How can you say that BS when there are dozens of remote code execution vulnerabilities? Don't tell me you don't know about security holes in Macs.

They mean absolutely nothing until they're exploited successfully. And that hasn't happened in the wild yet.

LTD said,


They mean absolutely nothing until they're exploited successfully. And that hasn't happened in the wild yet.

Slithering away aren't you?
First you say that "Nothing gets on a Mac" without user consent.
Then you silently back off and tell there are holes, but they weren't exploited successfully.
When I debunk this lie, you'll say that "I haven't seen anyone exploited through this hole.(And if I had, I'd never tell you.)"

RealFduch said,

Slithering away aren't you?
First you say that "Nothing gets on a Mac" without user consent.
Then you silently back off and tell there are holes, but they weren't exploited successfully.
When I debunk this lie, you'll say that "I haven't seen anyone exploited through this hole.(And if I had, I'd never tell you.)"

There are still ZERO self-replicating, self-installing viruses in the wild for OS X.

That's all that matters.

Yes. It still harms the operating system! That's like saying is it still a robber if somebody lets them in (as they knock on the door under false pretence and false reasons) and then they rob the place.

Brandon Live said,
That's how most viruses work... Particularly trojans like this.

I always thought viruses that install themselves silently whilst browsing websites (or running applications) were the more common (albeit, I plead ignorance: been a Mac user for some time now).

That's what Mac users mean when they say "don't get viruses". If a user installs a virus (or to follow cJr's metaphor, unlocks and opens the door to the robber)—well, no OS can protect from idiocy.

That's how most viruses work... Particularly trojans like this.

Really.. And I'm not saying this out of some Mac defense... But it's about time we separate "virus" from "trojan".

http://en.wikipedia.org/wiki/Computer_virus

"A computer virus is a computer program that can copy itself and infect a computer without the permission or knowledge of the user."

This is not a virus, because it can neither replicate itself, nor does it install without permission. Please start using these terms properly. Anti-virus companies actually do, so it's only confusing if we don't.

mattrobs said,
I always thought viruses that install themselves silently whilst browsing websites (or running applications) were the more common (albeit, I plead ignorance: been a Mac user for some time now).

That's what Mac users mean when they say "don't get viruses". If a user installs a virus (or to follow cJr's metaphor, unlocks and opens the door to the robber)—well, no OS can protect from idiocy.

Nope, Viruses rarely infect that way, the most common way is to trick the user into running an exe file (or mac equivalent) and then it's game over essentially. In that respect Windows and OS X are identical.

Xavien said,

Nope, Viruses rarely infect that way, the most common way is to trick the user into running an exe file (or mac equivalent) and then it's game over essentially. In that respect Windows and OS X are identical.


Not quite.

There are still ZERO self-replicating, self-installing viruses in the wild. No way OS X can be infected by them in the first place.

James Riske said,
I thought mac users were safe from these terrible things? <sarcasm>

Anyone can create a malicious program and install it on people's machines if the admin happily hands out the password for it.

I guess the only reason this is news is because it's on OS X? Pirated Windows apps have had viruses in them for years. Then again, just downloading random crap from kazaa, limewire or other p2p places will do it too if you're careless enough.