iWork '09 trojan infects at least 20,000 machines?
by Joseph L. Flatley 
posted Jan 22nd 2009 at 5:14PM
Quite a number of no-goodniks who thought they'd save a few bucks by downloading a pirated version of iWork '09 have gotten more than they'd bargained for -- in the form of a Trojan Horse called OSX.Trojan.iServices.A. This guy installs itself in the computer's startup as root, and once in place it can connect to a remote server and broadcast its location, allowing malicious users to take charge of the machine remotely. And since it has root access to the OS, the trojan can not only install additional components but can also modify existing apps, making this thing extremely difficult to remove. According to a white paper released by Intego, at least 20,000 people may have downloaded the infected software -- which they'll get around to installing as soon as they finish those episodes of Celebrity Rehab they grabbed at the same time.[Via Macworld]
Reader Comments (Page 1 of 6)
Isaac @ Jan 22nd 2009 5:16PM
Although I admit to nothing how the hell might I get rid of this? I don't even know i have it but I need to be sure...
Jason Wright @ Jan 22nd 2009 5:18PM
Other sites are reporting that a full format of the drive is required as the trojan spreads and plants other trojan's throughout your machine.
critic2029 @ Jan 22nd 2009 5:19PM
Buy a PC...
Isaac @ Jan 22nd 2009 5:23PM
If anyone else is wondering if they have it in the article it says:
"To check if you’ve been infected, look in /System/Library/StartupItems for an item named iWorkServices. If it exists, you’ve been infected with this Trojan horse. "
Because I KNOW you are all obsessed with my life, I would like to relieve you and let you know, I'm not infected.
fieldcar @ Jan 22nd 2009 5:32PM
Thank God... I got scared there for a second.
zioncat @ Jan 22nd 2009 5:34PM
I must say this is the first time I enjoy hearing about a virus, if you know what I mean. :-)
ethana2 @ Jan 22nd 2009 5:43PM
It is not a virus, it is a trojan.
dan @ Jan 22nd 2009 5:49PM
There is no place like home.
There is no place like home.
RoboDan @ Jan 22nd 2009 5:57PM
I R sooo expensiv (aka Mac)
just became
I R - ERROR, superiority complex compromised
yuriythebest @ Jan 22nd 2009 5:59PM
perhaps you should install an antivirus... oh right :)
Isaac @ Jan 22nd 2009 5:59PM
Not that I love apple or anything but they sole 2.5 million computers last year alone. So 20,000 is kinda nothing at all.
ED @ Jan 22nd 2009 6:01PM
@RoboDan
"I AM ERROR"
Mike10010100 @ Jan 22nd 2009 6:05PM
HAHAHAHHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA!
I'm sorry. *sniff* HAHAAAAA
Okay, (heeehee) I think I'm okay now.
Am I the only one who sees the irony of being lulled into overconfidence and then installing something on your machine, believing that it wouldn't ever get infected with anything, only to have it require a full wipe of your system??
Wow. Seriously. Wow. See, Avast (and any other decent virus protection) instantly comes up with a warning as soon as the thing is downloaded, as it actively scans the current files in process. But that's okay, Macs seem to be doing fine without virus protection!
Have fun reinstalling all your software applications and tweaking the settings back to normal!
/end_rant_towards_Apple_fanboys
youngblood @ Jan 22nd 2009 6:07PM
How stupid can you be:
1) iWork 09 is downloadable from Apple. You get a 30 day free trial. Not impressed...and...
2) Apple announced how they were not reinforcing serial numbers on iWork 09 just yesterday.
Dumb asses. I mean there is cheap and then there is stupid cheap. This be that.
rcappo @ Jan 22nd 2009 6:19PM
I wonder if time machine would work? If it's backups aren't infected, I would guess that you could just go back a few weeks to get rid of it. At least I would hope that would work.
I'm glad I use Open Office, even though it is slow and should be broken apart into individual app icons.
VanillaSpice @ Jan 22nd 2009 6:36PM
Wow, mike, that is a nasty inferiority complex you have there.
Feeling smug because Macs now have a trojan (that requires them to install illegal warez) ?
When Windows gets hundreds of trojans, viruses and assorted malware (often, famously, just by connecting to the internet) ?
Typical Windows fanboy. The fact that you actually feel smug, like you've accomplished something good or worthwhile here, just demonstrates what a nasty, arrogant, self-aggrandising little person you are, and how unpleasant it must be to know you in real life.
Autopsy15 @ Jan 22nd 2009 6:42PM
@ shugg
Yes! Hurry up and reformat now! That trojan is gonna destroy your precious Mac! OH NOOOOOOOOOOES!
Boyo @ Jan 22nd 2009 6:46PM
@shuggs ....you bought it at the apple store, why are you freaking out? Step away from the Disk Utility.
Aaron @ Jan 22nd 2009 7:02PM
To those of you who pirated this software (shame on you):
1. (open Terminal.app)
2. sudo su (enter password)
3. rm -r /System/Library/StartupItems/iWorkServices
4. rm /private/tmp/.iWorkServices
5. rm /usr/bin/iWorkServices
6. rm -r /Library/Receipts/iWorkServices.pkg
7. killall -9 iWorkServices
Most of all, don't execute anything that doesn't look legit. Just because something asks for your root password doesn't mean you should just blindly enter it.
TheyCallMeBetty @ Jan 22nd 2009 8:28PM
Are all you Windows Fanboys REALLY that stupid? It's not a virus, dumbass, it's a trojan. If you don't know what that is or don't know the difference, take 2 minutes from your Apple-bashing and figure it out before you make yourself look even more stupid. There is nothing ANY operating system will EVER be able to do to protect dumb users from themselves.
Nathan @ Jan 22nd 2009 10:07PM
Why is everyone so happy about this trojan on OS X? Windows fanboys / Apple haters are seemingly amused at this "first virus for the Mac".
1) This is not a virus, as many have explained
2) There were plenty of viruses on pre OS X Max OS's
3) This isn't even the first trojan that has been discovered for OS X. I seem to remember one as far back as Nov 2007, though this may be the first one that is "widespread"
The fact is that there are less of these vulnerabilities on OS X, whether it be market share or whatever reason. It is also folly to think that any OS can be 100% secure. That goes for OS X, Windows, Linux, or whatever.
Why does it have to be Windows versus OS X or Linux versus Windows, can't we all just get along?! I guess I am in the extreme minority who actually likes and appreciates all OS's for what they can offer. I love my Mac, I am loving Windows 7, and Linux sure is fun to play with.
Mike10010100 @ Jan 22nd 2009 10:19PM
I'm simply laughing at the fact that by not encouraging any sort of virus protection (most have the ability to back up critical registry files in case of changes by a virus), the only recourse is to do a full wipe of the system!
Lol. First thing I do to ANY system is put a decent antivirus software. Most protect the computer from unauthorized changes in registry and such. Like a firewall, but more proactive.
Smugness comes to bite them in the ass. Heeeehehehe.
Knee to the Groin @ Jan 22nd 2009 11:14PM
Agree with Nathan...
Afterall, we've got Obama, racism is dead, now we need to conquer this digital dividwe and stand united, no longer as Window-Americans, Mac-Americans or Linux-Americans... Let us stand proud as oh shit, I got the Trojan...
MacSmiley @ Jan 23rd 2009 1:19AM
@Mike
FYI... OS X has NO Registry.
Serryl @ Jan 23rd 2009 10:34AM
@ Mike10010100
The best protection anyone can have against malicious software is common sense. When you download pirated software you leave yourself open to these sort of risks. The same is true no matter which OS you use. I understand you wanting to rub this in the face of a stereotypical Apple Fanboy, who claims OS X is virus-proof; however, this has more to do a user's bad choices than a particular flaw in OS X.
Liquidmark @ Jan 23rd 2009 6:32PM
"Buy a PC.."
Oh yeah, no viruses or trojans there... >_>
Liquidmark @ Jan 23rd 2009 6:38PM
Oh yeah, also, LOL @ the guys that downloaded it from pirate bay or whatever.
Apple gives the trial for free on their website. All it takes is a special plist file to shut down the trial, n00bs
mynk @ Jan 24th 2009 2:42PM
at the person who said that 20K out of 2.5M is not a big deal
would you say the same thing on an article that reported 20K infected PC
eventhough there was a hell lot more than 2.5M PCs sold last year?
im just asking. if you would say the same thing, then kudos to you sir
and seriously, to all the people complaining on how people are saying
OMG MAC VIRUS... i understand ur complains, but dont say
oh its a trojan not a virus, that just means the user is stuipd.
to the average user an infection is an infection,
and eventhough us here on engdaget know better
we must view this from the point of view of a normal user for once...
and those people saying... oh they had to enter the password themselves
such stupid users, why would they enter pass for iWork Services,
aren't you the same people who were bashing UAC from microsoft
which to a high extent does the same type of stuff... just minus the password entering?
and to end off... i know i complained to a lot of people
but my heart goes out to all of those infected out of innoncence
the day i await is no the day at which each OS has the best protection
but rather a day when infections will just dissapear, when people realize its wrong.
just how piracy is wrong, and those that pirated somewhat deserve this.
i want a day, when there is no apple america and no microsoft america
just the UNITED States of America.
Daren @ Jan 22nd 2009 5:17PM
waves front two fingers jedi style-
"there is no such thing as a virus on a mac"
Derry Quinn @ Jan 22nd 2009 5:19PM
Trojan, not Virus.
Derry Quinn @ Jan 22nd 2009 5:20PM
It's a Trojan, not a virus
Derry Quinn @ Jan 22nd 2009 5:21PM
Trojan, not Virus
Eric @ Jan 22nd 2009 5:28PM
technically, this is a trojan. meaning that the user has to openly download this, double click install, then type in their admin password to give the install script admin rights on the computer.
CraigJ @ Jan 22nd 2009 5:49PM
Correct.
A trojan is not a virus. It is a malicious program that required the express permission of the user to install.
1. User downloads pirated software.
2. User installs.
3. User enters their password to proceed.
4. user has bad shit happen.
These idiots got pirated versions of software from an untrusted source, and explicitly installed it. I don't care how virus resistant your systems are, nothing can save you from user stupidity when you provide your credentials to install software.
Jason @ Jan 22nd 2009 5:52PM
To be fair, it's much more difficult to execute on a Mac. You actually have to install software and type a password to get this trojan.
What I think is funny is that all the fanboys who love Apple obviously DON'T love Apple enough to actually buy their software. Ha!
UnixSystemsEngineer @ Jan 22nd 2009 5:59PM
Let's see... download malicious software, type in your password to give it root privileges, it does bad things. Where's the surprise?
Wake me when there's a worm spreading in the wild and I'll consider some kind of AV software.
Chris Are @ Jan 22nd 2009 6:14PM
Wow you're anti-Obama and you're a Mac hater. I challenge you to a duel.
Preston @ Jan 22nd 2009 6:19PM
I'm voting you up just for your avatar.
adrian @ Jan 22nd 2009 6:19PM
At least 20,000 machines?. It wasn't even worth the time and effort creating this trojan.
010111 @ Jan 22nd 2009 6:37PM
there isn't. the title and article itself explicitly say it is a trojan.
how you managed to miss the obvious is the bigger jedi mind trick.
utahnkid @ Jan 22nd 2009 6:55PM
That still applies. Anyone who LEGALLY uses their Mac STILL has about a million times less things to worry about as their PC using counterparts. I almost wouldn't be surprised if Apple had something to do with this as a sort of, this is what happens when you pirate our shit, finger in the air to all the cheapskates out there.
justanotherperson @ Jan 22nd 2009 7:00PM
mhmm... i'm sure these macs are 'just working' fine...
Stereotype @ Jan 22nd 2009 7:08PM
May the Force be with you
Stereotype @ Jan 22nd 2009 7:15PM
This is a reply to Darren....will it work?
Stereotype @ Jan 22nd 2009 7:16PM
UnixSystemsEngineer
"the funny thing is my comment somehow got inserted in the *middle* of a comments thread replying to dvsbstrd, which is the most confusing part. You'd think it would at least show up at the end."
I know right?
LAGal @ Jan 22nd 2009 8:17PM
i don't know about where you are but the folks at my local Apple store never make that claim. They will fully admit that it is possible, although perhaps slightly more difficult, to infect a Mac with Malware. when asked about why there aren't more reports of it happening they say it is because those that write such thing do it for the chaos and so they will go after 90% of the market share and not 10%. which makes sense.
Also, I"m sorry but these folks were too lazy to down the legit trial to try it out first and/or too cheap to pay less than $100US for the three programs. They got their punishment. Hope they all remembered to back up regularly.
Luigi193 @ Jan 22nd 2009 11:51PM
Its a trojan, a bit different... you had to enter your root password!
kevingasio @ Jan 23rd 2009 2:13AM
Technically, it isn't a virus, it's a trojan. And you wouldn't need an anti-spyware program if you weren't illegally downloading things on a Mac. So technically, Apple is still right.
chispito @ Jan 23rd 2009 2:35AM
I've been staring at my hands for five minutes, and for the life of me I can't figure out which to fingers are in front.
Like_A_Glove @ Jan 23rd 2009 3:34AM
"It's not a virus, " they will tell you, "not even a trojan, it's just an unwanted application. "