• Your favorite








    , and
  • Security Breach and Fix for those Pirating iWork '09

    The antivirus vendor Intego reveals that they've discovered a new Trojan horse that is being carried by pirated copies of iWork '09 circulating on a number of sites.

    Intego has classified the Trojan as a "serious" risk and named it OSX.Trojan.iServices.A. The Trojan allows a malicious user to connect to an infected machine and perform any number of functions and download additional software to the machine.

    Intego explains:

    "This software is installed as a startup item (in /System/Library/StartupItems/iWorkServices, a location reserved normally for Apple startup items), where it has read-write-execute permissions for root. The malicious software connects to a remote server over the Internet; this means that a malicious user will be alerted that this Trojan horse is installed on different Macs, and will have the ability to connect to them and perform various actions remotely. The Trojan horse may also download additional components to an infected Mac."

    Intego reports that tens of thousands of people are still pirating the iWork '09 package on some sites despite the knowledge of the Trojan.

    However there are now instructions on how to deactivate the Trojan. They are:

    " 1) (open Terminal.app)
    2) sudo su (enter password)
    3) rm -r /System/Library/StartupItems/iWorkServices
    4) rm /private/tmp/.iWorkServices
    5) rm /usr/bin/iWorkServices
    6) rm -r /Library/Receipts/iWorkServices.pkg
    7) killall -9 iWorkServices"

    MacScan has also released a free utility to remove the Trojan.

    This Trojan looks like it is the first real OS X Trojan to advance beyond the proof-of-concept or pranking stages and really cause some trouble…guess Apple can't say OSX is bug free anymore.

    Source: iWork '09 Torrent Carrying OS X Trojan [Updated] - Mac Rumors
    This article was originally published in forum thread: Security Breach and Fix for those Pirating iWork '09 started by AppleChic View original post
    Comments 26 Comments
    1. Nibbers's Avatar
      Nibbers -
      Quote Originally Posted by aamodr View Post
      could anyone please tell me how do you know your mac is infected with a virus or a trojan? i have iAntivirus loaded is that any good?
      i would just look in the folder listed and see if "iWorkServices" is in there. also just incase update iAntiVirus and see what it bring up
    1. aamodr's Avatar
      aamodr -
      thank you for the prompt reply.. i do not have iWork 09, it was just a general question.. i just wanted to know is there any way as to know how a MAC behaves when it is infected.?? or does it just crash?
    1. idolpunk's Avatar
      idolpunk -
      the larger the mac user base gets, the more of these we will start seeing
    1. BenzoHartt's Avatar
      BenzoHartt -
      i thought macs were indestructable.... :-(
    1. dr.stevil's Avatar
      dr.stevil -
      New Mac Trojan appears in pirated versions of Photoshop CS4 - 5,000 infected so far : Macenstein

      looks like they found one in photoshop too... a mod might want to post this as a new story (or add it to the OP)
    1. one1's Avatar
      one1 -
      Here's what it looks like if you weren't an idiot and didn't pirate iWork.