Trojan found in pirated Apple iWork software

Internet security firm Intego said on Thursday that it has discovered a new Trojan horse in pirated copies of Apple's iWork '09 productivity software that could allow an attacker to take control of the infected computer.

The Trojan horse, OSX.Trojan.iServices.A, discovered circulating in copies of the software on BitTorrent trackers and other pirate sites, is rated serious, according to Intego's security alert.

When iWork is installed, the Trojan is installed as a start-up item as a part of iWorkServices. It has read-write-execute permissions for root control of the computer, Intego said. The malware connects to a remote server over the Internet and may download additional components to the infected computer.

As of early Thursday, at least 20,000 people had downloaded the iWork '09 installer, according to Intego.

Meanwhile, an Italian researcher has uncovered a way to inject malicious code into memory of OS X-based computers, which would enable attackers to easily hide their activities, according to The Register.

[oldmanangry]

So news means that it must be "new." The fact that pirated software on the web contains trojans/worms/viruses is not news since it's not new and it would actualy be news if it did NOT contain malware. So why is this news? Oh right, the other double standard of the news media: it's Apple. Anything related to Apple is news.

[JoshMiller79]

I think it's more the idea that Mac's are pushed as "Mac's don't get viruses".

Really a Mac virus could end up being worse than any Windows virus since Mac users have the pretense that they are invincible to viruses.

[unknown unknown]

Well considering Apple's OS X hasn't really been affected by a serious trojan before, it's news. Even more so because of it's privileged escalation to root.

Time to pull your head out.

[nixermac]

@JoshMiller and unknown unknown - trojans on Mac OS X are so far Proof of Concept. Every one of the so called virus or trojan require administrator privileges to cause any serious problem or impact.

---------
More so what else do pirates deserve. It is easy to create a simple script that would destroy your system and screw up your files and execute this through a installer. For that matter I can modify the installer for iWork to do this. Now you would say "How do I trust that the installer from Apple is not cracked?". Look for the SHA or md5. If you do not know what these are then you are screwed.

[Dalkorian]

Uh, Josh ...

A trojan is not a virus. Learn the difference, it's pretty substantial.

There is no such thing as an OS that's immune to trojans. Period. Fool the user and it's game over. That's in part why there is no such thing as a "secure" operating system, just "more secure". That's another difference you should figure out. The only really secure computer is disconnected from any and all networks AND power, dismantled, locked in a safe, encased in concrete and lead and sealed inside a vault that itself is encased in concrete and lead. That machine is totally secure (but equally useless).

The other end of the spectrum is a winblows box hooked up to a network.

[JuggerNaut]

@JoshMiller79

No, Mac users don't think they're invisible, but they do think that since Windows is the #1 target for all sorts of malware that choosing the not so targeted platform is a better choice (well if that's what they care about most that is).

I think the best approach is to choose a platform that is not the most popular like Linux, Solaris, BeOS (now Haiku), Amiga and etc... The more heterogeneous the computing landscape, the better!

[sharmajunior]

Well thank god OSX is finally getting attacked. There about to be a few more really nasty ones coming out soon. So much for a secure computer....LOL

[ember415]

oldmanangry: This is news because NOOB consumers are always saying "MACS DON'T GET VIRUSES GET A MAC!"

[sciontcya]

It's "news" because people can't resist TRYING to make the Mac look as hole-ridden as Windows.
Intego - purveyors of all that is non-issue Mac security issues.
I'm glad - I hope everyone that steals software hoses their Macs and PCs.
Karma I can live with...
MS just laid-off 5k workers...I see who's on top and it's not Windows and the lemmings that use/rely upon it.

[unknown unknown]

Yet another example of why I refuse to own any Apple products.... Association with the mac community.

[eadeguzman]

Talk about who's on top when Apple reaches more than 50% market share.... 5k is a small number for a company the size of Microsoft. Also, remember that 77% of folks buying a Mac also buys MS Office and perhaps a significant number buying Windows as well with their Macs.

You'd be better off comparing Apple with DELL or HP and not Apple vs (DELL + HP + Lenovo + Sony).

[ZetaZeta_]

Cutting 5,000 jobs is mild compared to the rest of the tech industry. Take a look at our economy for one second, please. Cutting back doesn't necessarily mean you're doing anything wrong.

[benjwah]

@unknown unknown - Me too

[bigmc6000]

Zeta Zeta - Well since people like to compare MSFT to AAPL let's look - Apple hasn't laid anyone off and they sent around a letter saying they won't lay anyone off and they most recently blew all analyst expectations out of the water and reported not only huge revenue but an INCREASE in revenue compared to last year. It seems as tho Apple's stance is working better than anybody else's. That doesn't mean they are immune but when everybody else is laying people off and Apple has almost $30 billion is cash sitting around I'll put my money on the company that has all the cash to stave off even the worst of recessions.

[CrashPad63]

Bigmc600 And MS has more cash on hand than that. And consider this. All this comparison, Apple returns 14.8% where as MS returns 28.4%. MS has a lower debt ratio and a hell of a lot more emplyees than Apple. Go figure once you really start looking at the numbers.
MS is so diversified they will waether this. Oh and by the way, something most are overlooking. With the 5000 rolling layoff MS is also adding 3000 to new ventures and expanding other areas.

[Someone-else]

Another one that believes "Hi, I'm a Mac" ads...

You computer is as safe you YOU want it to be. I've always used Windows computers and I've NEVER had problems with Viruses, just keep some free antivirus in the background and the click the "Congrats, you're the 1 000 000th visitor" banners that you should be safe.

[Notoapplefanbois]

Yes guys but the reason why they have such a high earning is becuase they rip all you apple fanboy's off. You can get a PMP with ten times the storage and over three times the screen area still with wifi and gps for only $60 more than the Ipod touch 32gb, and as soon as the psp2 comes out if it lives upto even half of the hype it's been given then it'll crush all of apple's puny little pmp's.

[0zSpit]

in case you missed the news, apple stock is almost useless thanks the news of steve jobs health. i think the investors are going to sue apple for the public release of this information. apple and it's minimal users should be happy about any market share they get, no matter how low of a percentage. another reason to bash crapple users...

[sharmajunior]

@ eadeguzman

Your logic makes no sense. You want to compare Apple to a Dell which makes no sense. Apple makes its own hardware and software where as Dell only makes the hardware. So in that case Apple has more responsibility to make their products perform better and be more compatible with their authorized products in order to avoid shame.

[toosday]

Eew! Let this be a lesson to you: Thievery doesn't pay.

(Oh, and fanboys and fan girls are about to turn this otherwise informative story into a total flame war. Too bad.)

[sciontcya]

Informative?
How?
Filler at best - must be a slow Obama-worshipper's day...

[0zSpit]

they always do. just because they were taken by an over priced piece of garbage they blame microsoft for their bad decisions

[solu1978]

and Apple computers are the safest .. " Meanwhile, an Italian researcher has uncovered a way to inject malicious code into memory of OS X-based computers, which would enable attackers to easily hide their activities, according to The Register. "

[sciontcya]

At this point, they ARE the safest.
Does that mean they're foolproof/perfect/without potential to be hacked/exploited?
No.
Don't be a bonehead.

[Dalkorian]

Did you read that article on The Register? It answered a few questions for me. Notable quotes include:

"Similar stealth techniques have existed for more than two years for infecting Windows and Linux machines, but until now, researchers knew of no reliable way to cover their tracks when attacking Macs."

"To be clear, attackers who want to use the technique must first have a reliable exploit for an unpatched vulnerability in OS X or in iTunes, Safari, or some other OS X application. The injection method doesn't make it any easier to pierce a Mac's defenses. It only makes it easier for attackers to cover their tracks once they have."

I don't mean to minimize the danger this poses - suffice it to say Macs WERE the safest (and might be again if Apple figures out a patch against this). I'd argue they're still safer than most systems out there though. Just because a hole was discovered in their armor doesn't mean that armor is suddenly worse than wrapping yourself with a chain link fence.

And let's keep this in perspective - this "hole" only allows them to cover their tracks. It in and of itself doesn't allow them to exploit the machine - just hide their tracks when (if?) they DO find a way to exploit the machine. What scared me most was the exploit vectors this could hide - not only the OS but applications like Safari, iTunes and likely QuickTime (OUCH!). But again, it's not like they can't do this in winblows or Linux already - they just hadn't figured out how to do this in OS X yet - until now.

Still no viruses after all these years. (Please don't show your ignorance by pointing to that article about the trojan attached to pirated iLife '09 copies on TPB - a trojan is not a virus.)

[random truth]

Kids, KIds. Its not winblows,M$, Micro****, etc. Say it with me Mirosoft? Windowsº

[AppleSuxLeo]

That`s what you get for pirating software. What a concept , paying for something many people labored over.

[kelmon]

Well, I'm honestly stunned. This is the first time I've ever agreed with Leo. If you are prepared to pirate then don't complain if you also get screwed. Even more so when you are pirating some pretty good software and it costs peanuts.

[sebastien.kalonji]

After all the former warnings of intego I don't even take this news serious anymore. Intego just wants to sell their useless mac products.

[macewan_]

All that's needed (a birdy told me) to the Info.plist replacement method.

[1eye1]

This story is fake because everyone knows that apple OSX is immune to this kind of thing.

[xcal78]

Immune to what? oooo those look like viruses!

Mac OS X Virus: Inqtana.A Worm
OSX/Inqtana.A is a Java-based worm that exploits the directory traversal vulnerability in the Bluetooth file and object exchange services in Mac OS X 10.4 (Tiger).

Leap.A aka Oompa-Loompa virus
The Leap.A (aka Oompa-Loompa) infects applications in Mac OS X 10.4 (Tiger) running on PowerPC processors.

[sharmajunior]

What kind of world are you living in?

Your comment is hilarious and stupid at the same time.

[583casper583]

How is this news?
Pirated software can have viruses planted in them.
So what if it's a mac. Anything can have viruses these days.

[w_bee]

How is this NOT news?
It is like everybody know bird flu killed people; but anyone died of bird flu is still news.

[ibeetle]

The anti-Mac comments are hysterical.
A Trojan is not a virus. A Trojan has to be downloaded, and installed. It cannot spread from one computer (Mac, nor Windows) to another.
If you don't download illegal and/or bootleg (Mac or Windows) software you don't get a Trojan.

Macs are as secure as ever.

[rapier1]

No, but it does provide a vector to turn the macs into bots.

[hc2008]

What idiots! The program only costs $79. Just buy the thing and be done with it. Just like OS/X, when it is released it's only about $125 for the full OS unlike Windows that comes in 5 flavors $200+ just for an upgrade, requires you to by all new software, hardware and still doesn't work worth a flip. One fact that is overlooked by people claiming that Mac's cost too much, in the long run, you end up spending less money on software, your legal and when you turn it on, it just works. The accumulation of hours lost just rebooting windows whenever you do a simple task such as install or remove an application can easily add up to a ridiculous amount of hours over a year in lost productivity.

Buy a mac, buy legit, and in the long run you actually end up saving money and man hours.

[Someone-else]

"only about $125 for the full OS"
I really don't get where people find prices for OSX, I thought it was included in the "Apple tax"

[Notoapplefanbois]

wow you get ripped off on windows, for the ultimate it costs about £90 in the UK (~$130)

But then again we pay ~£140 for OSX(~$190)

[0zSpit]

actually windows is only $99 at newegg. only suckers buy retail

[black jelly bean]

I thought crapple's Mac OS X was immune to viruses and trojans?

Ooops...Now that Apple has made billions of dollars out of you dumb illiterate mac users, now you realize you've been lied to and tricked again by Steve Jobs and his gang of iTards again because you didn't bother doing any research. :)

[Motyoj]

Let me guess...you use Windows. That was a no-brainer!

[CrashPad63]

Motyoj, no guessing needed your an idiot lemming who cant hold your contempt for yourself.

[inunacho]

i say it's those people's own fault for being stupid enough for pirating software, I mean if the $79 is to much for you look around and find an older version like I did. Found an official iWork 06 disc at a thrift store for $3.99.

[AppleSuxLeo]

Mac has as many or more holes than any OS. They are just not being exploited. How can I claim this ?
Awell known Mac user who does a radio show said Mac OSX has had hundreds of megabytes of patches recently...more than Vista by far. They are patching holes that could be exploited. Macs just are not a big target like Windows/IE.

[sciontcya]

HAHAHAHAHA.
You are a classic Windoze user - worked, or wants to work at Geek Squad, has no friends, and built a custom PC to maintain a social life.
Even your name tells the story...wanker.

[hunkyboi69]

He's right actually, OS X is full of holes. Apple engineers don't have the competence to make it secure, as they don't understand good code.

They took parts from 2 perfectly good operating systems, NeXTSTeP and FreeBSD and hacked them together....so they just about work. The FreeBSD code that they use in Leopard now is about 18 months old and most of the perfectly servicable FreeBSD code has been hacked around by Apple engineers who normally mess it up. It's a big, hacked up mess of an operating system which is full of holes. For example, the 'engineers' at Apple couldn't even implement ASLR in a decent way, it's easily exploitable. OS X suffers from security through obscurity, because nobody cares about it enough to spend any time on it to build a good exploit.

Take Windows for example, people are constantly fuzzing it, reverse engineering it, trying to create an exploit, but given the widespread use of the operating system, there is remarkably few core WIndows exploits released. If OS X was subjected to that kind of attention from the hacking community, it would be game over for it and then all you fanboys would have egg on your faces.

Theres plenty of ways of gaining root priviledges because of Apples shoddy coding which they simply do not know how to fix.

I used OS X externsively, but when you start delving about deeply into it, you realise what a heap of junk it really is and that if you want to do anything other than read email or browse the web, then it doesn't 'just work'.

I still have a Mac in fact, but it runs Windows now. As far as Viruses/Trojans go, i'm not too stupid to download them, my box is firewalled and I have a decent Antivirus. I'd rather use an operating system that is; 1, Useful (I still cannot see the use for OS X), and 2, Is relatively bug free and much more secure than OS X.

[random truth]

Hunkyboi69:
How does that work since NeXTSTeP was based on freebsd from the start?

[Nataku4ca]

O yes (I'm not trying to be an ass...), THIS finally proves my point to my friends where all OS has vulnerability and bugs, just whether they are found or not(and exploited...)

Just didnt like the band wagons those that consider themself techies like to jump on whether linux, mac, or windows(and yes there is actually one for MS) I prefer to be neutral on this part, but could never really prove some of my points lol

Just a comment to some ppl before I get bashed by zealots from either camp, I HAVE used most of the windows platform, Mac OS X, the older mac(not sure what they were called back then), and linux(fedora, red hat, linpus, ubuntu)... And up until now most of the OS crash by 3rd party apps, (except for 9x family including ME =.=)

[Nataku4ca]

ack how do you edit your own comment? was gonna say i meant no os is safe from all things

[umbrae]

LOL... so much for not needing anti-virus on a Mac. And don't point at software pirates because this will filter down to everyone.

[ballmerisanape]

Well.. genius... this isn't a virus. There are still ZERO viruses for any version of Mac OS X.

Meanwhile.. security researchers are still counting in the MILLIONS how many windows boxes are currently spreading around the "Conficker" virus... and they are now thinking that Vista and WINDOWS 7 computers are vulnerable. Windows 7 isn't even commercially available and it's getting viruses.

[pithenumber]

Windows 7 is Vista based, Windows Vista viruses work on 7. Most XP virus also work on Vista and Windows 7.

[xcal78]

Yea no viruses at all on a MAC just the ones a quick 10 second google search finds?

Mac OS X Virus: Inqtana.A Worm
OSX/Inqtana.A is a Java-based worm that exploits the directory traversal vulnerability in the Bluetooth file and object exchange services in Mac OS X 10.4 (Tiger).

Leap.A aka Oompa-Loompa virus
The Leap.A (aka Oompa-Loompa) infects applications in Mac OS X 10.4 (Tiger) running on PowerPC processors.

[ferretboy88]

This is worse than a virus. What can be worse than having your personal info taken.

[random truth]

I googled those viruses. And read posts by people who actually expierenced them, not anti-virus companies who try to sell you their product.
Oompa-loompa worm, not virus transmitted itself through a psuedo jpeg. When you open it, it requires an admin password. The thing is that half the mac users I know dont even know what their admin passwords are and the ones who do know would get suspicious if a picture from an unknown source asked for their admin password to open it. This also was fixed in an update that warns the user if a program is disquised as another file type. Then asks if the user would like to run the program.

The Inqantan.A worm was a proof of concept hack that used a vulnerbility in the bluetooth stack, patched in 2005. The simpsons worm only worked on os 9 which was released in 1999...
The exploit that zibri found a couple of months ago that could crash quicktime from a bufferoverflow, has now been fixed.
The exploit used in pwn to own was fixed in a safari update.

So, I will now go into the only proven way to exploit mac os x...
Social Engineering.
That is what this attack is. It uses the concept that the biggest security risk is in between the keyboard and chair. If an attacker can get the user to enter the admin password then the computer is at the attackers will. No system is secure... Using social engineering I could make a shell script for linux that would delete the boot partition, send all their contacts an email and restart the computer. The way that most viruses get onto windows is via internet explorer and windows media player which operate deep in the system. Using other programs for browsing and media eliminates about 70% of the viruses for windows.

@ferretboy88
what exactly do you think viruses are for? Tell me does it do any good for a cracker to just destroy as many computers as he/she possibly can? The way virus makers make money is buy using the personal info that they gather from infected computers. The least damage that the virus causes the less detectable it is by the user which equates to more info for the maker of the virus. I always frown on the people who say "I have been using windows since 1995 without anti-virus and I still have no viruses" the Chances are they do and do not know it.

Linux is the most secure os right now. Because of three factors.
1. It has a rock solid unix foundation with strict per application permissions.
2 It has a relatively small market share
3. Open source community fixes exploits fast.

Macintosh is the second most secure consumer os because,
1 It has the same unix core...
2. Apple fixes expoits fairly fast.

And thank you for reading my rant.

[ducttape36]

ballmerisanape,
you are a moron. conficker isnt a virus by your definition either, its malware. its does the exact same thing as this one does for macs, that is, allows control of your computer remotely. learn the facts.

[bgnm]

It's always amusing to read the moronic comments of Microsoft apologists.

[CrashPad63]

And pathetic to view the retort from the lemmings following a dying leader and a defunct OS.

[ballmerisanape]

Here is a free removal tool if you happened to download and install the illegal copy of iWork.

http://www.securemac.com/

[Notoapplefanbois]

tbh i'm more amazed that there were 20,000 mac users who downloaded it when the stereotype mac owner is a rich dumb S***, I guess the 'crunch' is hitting crapple more than I thought

[0zSpit]

ha haa, they're like ray-ray who drives a cadillac but lives in a ghetto