warning: iWork 09 trojan horse

be careful

A security alert posted this morning by antivirus vendor Intego reveals that the company has discovered a new Trojan horse that is being carried by pirated copies of iWork '09 circulating on a number of torrent sites.

The Trojan, which Intego has classified as a “serious” risk and named OSX.Trojan.iServices.A, allows a malicious user to connect to an infected machine and perform various functions, as well as download additional software to the machine.
This software is installed as a startup item (in /System/Library/StartupItems/iWorkServices, a location reserved normally for Apple startup items), where it has read-write-execute permissions for root. The malicious software connects to a remote server over the Internet; this means that a malicious user will be alerted that this Trojan horse is installed on different Macs, and will have the ability to connect to them and perform various actions remotely. The Trojan horse may also download additional components to an infected Mac.
Intego reports that over 20,000 users had downloaded the package as of 6:00 AM Eastern time this morning, and an update to an entry posted on Intego’s Mac Security Blog notes that the Trojan now appears to be actively downloading new code to infected machines and using them to carry out denial-of-service attacks on certain websites.

Update: Despite significant publicity surrounding this incident today, the infected iWork package remains active in the torrent community. In light of this continued activity, we have moved this report from Page 2 to our front page and are providing instructions for deactivating and removing the Trojan from infected systems.

1. (open Terminal.app)
2. sudo su (enter password)
3. rm -r /System/Library/StartupItems/iWorkServices
4. rm /private/tmp/.iWorkServices
5. rm /usr/bin/iWorkServices
6. rm -r /Library/Receipts/iWorkServices.pkg
7. killall -9 iWorkServices
   OSX.Trojan.iServices.A appears to be the first significant OS X Trojan to advance beyond the proof-of-concept or pranking stage to engage in truly malicious behavior.

offtopic:

I HATE BILLY MITCHELL

blasphemy, billy mitchell is a God among men. He also makes tasty hot sauce

hell hath finally frozen over…

FUCK

Mac has a virus?

Oh no! VW kids are burying their heads in the ground across the world.

Thank god.

FAKE: Macs can’t get viruses.

:picard:

(This is hardly the first.)

I don’t understand… everyone told me the Mac is so far superior to the PC. what else could I buy to be super fucking trendy.

Oh well I’m gonna go blog on my I <3 Obama blog about how much I like black dick and CHANGE

ILC, I’ll write you a strongly worded letter on my typewriter about why John McCain was the right choice, and how only communists and terrorists use any kind of computer, Mac or PC.

I don’t give a shit who was president, I’m sick of all these fucking cock suckers talking about OMG MACS ARE THE BEST FUCKING THING EVER THEY CAN’T GET VIRUSES AND ARE SOO MUCH MORE FUCKING SUPERIOR

When they are not… they use the same hardware, and it just doesn’t have the market share right now for coders to exploit. When actually the Mac is far more susceptible to 3rd party software attacks than a PC is.

Also Obama, FUCK CHANGE, if you are going to do it great do it… I don’t want to hear these stupid fucking drunk assholes at the bar talk about how the world is going to so much of a better fucking place cause some long legged black dude is in office.

Bingo. Nothing new here people.

EDIT: Good looks on the heads up though Doc, thanks. And ILC…go hit the pipe again and chill, DAMN.

bold statement my friend

He has a point, but no one really cares to hack into someones computer for Indie music, drama blog entries, and pshopped pictures of the sidewalk…

I hate the Mac shit too.

Your argument in “paragraph” two is misleading. They’re not more susceptible, but Mac does have far less security coverage available.

And Obama has nothing to do with this thread, you just brought him in to be a dick. Cheerio, though, because I hate when anyone apolitical pretends to be part of the process. If they want to come in, and learn, and maybe do something, that’s fine, but I hate the fratboys in the bar who are stammering about change as much as you do. I also hated every time I saw “YES WE DID” when I went to inauguration (because they didn’t do anything, and neither had he, at that time).

But as for the change - yeah, it’s already working, world opinion of the United States went up drastically, immediately. [/derail]

:lol: