Surprise, Mac users! Pirated iWork download contains a trojan
While it may not be the specific torrent in the screenshot, Mac users may want to stay away from any iWork downloads until there's a bit more information available. Intego, who develop security applications for Mac, report that more than 20,000 people have already downloaded the infected torrents.
The trojan installs as soon as a user begins installing iWork, and then sends a notification to a remote server to announce a new host. It also installs into /System/Library/StartupItems/iWorkServices with full permissions to read, write, and execute.
Yes Windows users, I can hear you snickering.
Nevertheless, this should serve as another reminder to all of us: be careful what you download, especially if it's from an unknown or untrusted source.
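A way to check a Mac, or a mounted copy of its disk, for the startup item described above. This is an added example, not code from this post or from Intego; `scan_startup_items` and `SCAN_ROOT` are hypothetical names, the second directory is an addition beyond the path the article gives, and reading "full permissions" as world-writable is an assumption.

```shell
#!/bin/sh
# Added example (not from the article): look for the StartupItem the post names
# and for any startup item that other users can write to.
# scan_startup_items and SCAN_ROOT are hypothetical names used for illustration.

IOC_NAME="iWorkServices"   # folder name reported in the article

# scan_startup_items [ROOT]
#   ROOT is prepended to the paths so a mounted disk image or a copy of a
#   suspect volume can be checked offline; empty means the live system.
#   Prints one line per finding; returns 1 if anything was flagged, else 0.
scan_startup_items() {
    root="${1:-}"
    found=0
    # First path is from the article; the second is the other legacy
    # StartupItems location on Mac OS X, added here for completeness.
    for dir in "$root/System/Library/StartupItems" "$root/Library/StartupItems"; do
        [ -d "$dir" ] || continue
        for item in "$dir"/*; do
            [ -e "$item" ] || continue          # empty directory: glob did not match
            if [ "$(basename "$item")" = "$IOC_NAME" ]; then
                echo "IOC $item"
                found=1
            fi
            # "Full permissions" is read here as world-writable (e.g. mode 777),
            # which is an assumption about what the article means.
            if [ -n "$(find -L "$item" -maxdepth 0 -perm -0002 2>/dev/null)" ]; then
                echo "WORLD-WRITABLE $item"
                found=1
            fi
        done
    done
    return "$found"
}

# Scan the live system unless SCAN_ROOT points at a mounted copy.
scan_startup_items "${SCAN_ROOT:-}" || echo "Startup items flagged above need review."
```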

Comments (18)
Thanh Nguyen (Jan 22nd 2009 8:09PM)
Isn't that what you get for downloading pirated software?
Remember, the problem is between the keyboard and chair.
Victor Agreda, Jr. (Jan 22nd 2009 9:31PM)
Awesome.
Cameron (Jan 22nd 2009 8:15PM)
Mac Users... HAHAHAHAHA
Mike (Jan 22nd 2009 8:28PM)
> Yes Windows users, I can hear you snickering.
Snickering? Heck, I actually laughed out loud!
jacob (Jan 22nd 2009 10:48PM)
>>Nevertheless, this should serve as another reminder to all of us: be careful what you download, especially if it's from an unknown or untrusted source.
How about, "Nevertheless, this should serve as another reminder to all of us: don't steal stuff."
Although pirating software is easier to get away with than, say, robbing a bank, it certainly isn't any less illegal (or stupid).
dano272 (Jan 22nd 2009 10:54PM)
"Macs are getting more popular, so it stands to reason that we're going to start seeing more of this"
Oh - so the whole reason macs are impervious to viruses is because they're just not popular enough? That makes sense. Kinda the same reason ugly chicks don't get herpes?
Lee Mathews (Jan 22nd 2009 10:56PM)
I think it's pretty widely accepted that malware development for Mac is what it is because of Apple's relatively small market share.
Makes sense to me, anyway.
kojo87 (Jan 23rd 2009 1:19AM)
yeah makes perfect sense. why bother writing a virus if it's not going to infect many computers.
does this mean Apple is going to make its own anti-virus and charge some outrageous price for it?
ronmoses (Jan 23rd 2009 2:54PM)
Absolutely. It's called "security by obscurity" and it's widely acknowledged as the primary reason for the low number of Mac viruses/trojans/malware. This doesn't mean Macs aren't secure, and it's not a jab at Apple, it's just a simple statistical truth.
Fozzy Bear (Jan 22nd 2009 10:12PM)
keep in mind... the only reason this works is because the user acknowledges and gives permission via password authentication that this installer can have read/write access to install iWork and the Trojan... otherwise, it's DOA just like anything else they try to sneak into a Mac.
blah (Jan 22nd 2009 10:32PM)
also keep in mind that from Vista forward, even if you are logged on as administrator a UAC prompt would come asking the user to allow any installer to continue. BUT, windows users seem to consider clicking "Continue" or "allow" a nuisance before installing programs whereas mac and linux users flaunt entering their password before installing programs as a security feature (UAC and sudo have the same idea, different style of implementation. personally, i like sudo better but UAC also works for stopping trojan installers such as these.)
Jash Sayani (Jan 23rd 2009 4:27AM)
Just check the reputation of the uploader! As simple as that!!
BTW, I can't believe that people are keeping so close watches on torrent sites....
abdar (Jan 23rd 2009 8:16AM)
Lol, yes we can hear you Windows users snickering... but during all that, your pc has probably downloaded 5 viruses and crashed
Stuart Halliday (Jan 23rd 2009 10:59AM)
I'm a Windows IT administrator.
Will dumb Windows users repeat 100 times: A Trojan is NOT a Virus.
Anyone can write a Trojan. It's just a program within a program after all.
I've yet to see a Virus reported running on a Mac.
i.e. A Virus is a program that uses exploits in a computer's OS to reproduce itself unknowing to the user.
:-)
meGrimlock (Jan 23rd 2009 3:10PM)
you're forgetting a widely accepted definition includes the ability to spread from computer to computer, albeit by p2p or not. and yes i'm laughing too
Stuart Halliday (Jan 24th 2009 6:16AM)
Strictly speaking a Trojan is a form of malware that appears to perform a desirable function but in fact performs undisclosed malicious functions that allow unauthorized access to the host machine.
Viruses are sometimes confused with Trojans, which are technically different.
Trojans need a human to reproduce, a virus doesn't.
Kali4 (Jan 27th 2009 1:41PM)
Apple had the very first virus (in the wild): Elk Cloner
John (Jan 24th 2009 8:19AM)
What the brief article did NOT mention and many of the commenters may not be aware of, is that this vulnerability not only puts the Mac user that downloaded the pirated software at risk, but the trojan itself is designed to set up a botnet to use those computers as slaves to the master's whim. I'm ALL for wagging my finger and saying "shame shame... " to those who download pirated software when there's a perfectly good trial version available for 30 days from the source. And if something bad should happen to their system as a result of their thievery, then so be it. However, this was used as a weapon against an innocent third party. Whoever did this can launch instructions to those 20,000 computers to execute some other dastardly deed against someone (or some people) who have nothing to do with their software or P2P networks, etc...
How do I know this? I was actually the victim of a DDOS attack from those 20,000+ computers that nearly put an end to my business by crippling our host's servers and pushing our bandwidth over 600Gb within a week's time and sending millions of bot "visits" to our www.DollarCardMarketing.com site. We have no way of knowing whether the coder had something against us, or we were just a randomly picked "test" site, or if someone hired them to write and distribute it. A more comprehensive article was written and is being followed up on at the Washington Post: http://voices.washingtonpost.com/securityfix/2009/01/pirated_iwork_software_infects.html?hpid=sec-tech
Be safe!
Best Regards,
John