Other sites are reporting that a full format of the drive is required as the trojan spreads and plants other trojan's throughout your machine.

Buy a PC...

If anyone else is wondering if they have it in the article it says:

"To check if you’ve been infected, look in /System/Library/StartupItems for an item named iWorkServices. If it exists, you’ve been infected with this Trojan horse. "

Because I KNOW you are all obsessed with my life, I would like to relieve you and let you know, I'm not infected.

Thank God... I got scared there for a second.

I must say this is the first time I enjoy hearing about a virus, if you know what I mean. :-)

It is not a virus, it is a trojan.

There is no place like home.
There is no place like home.

I R sooo expensiv (aka Mac)
just became
I R - ERROR, superiority complex compromised

perhaps you should install an antivirus... oh right :)

Not that I love apple or anything but they sole 2.5 million computers last year alone. So 20,000 is kinda nothing at all.

@RoboDan
"I AM ERROR"

HAHAHAHHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA!

I'm sorry. *sniff* HAHAAAAA

Okay, (heeehee) I think I'm okay now.

Am I the only one who sees the irony of being lulled into overconfidence and then installing something on your machine, believing that it wouldn't ever get infected with anything, only to have it require a full wipe of your system??

Wow. Seriously. Wow. See, Avast (and any other decent virus protection) instantly comes up with a warning as soon as the thing is downloaded, as it actively scans the current files in process. But that's okay, Macs seem to be doing fine without virus protection!

Have fun reinstalling all your software applications and tweaking the settings back to normal!

/end_rant_towards_Apple_fanboys

How stupid can you be:

1) iWork 09 is downloadable from Apple. You get a 30 day free trial. Not impressed...and...
2) Apple announced how they were not reinforcing serial numbers on iWork 09 just yesterday.

Dumb asses. I mean there is cheap and then there is stupid cheap. This be that.

I wonder if time machine would work? If it's backups aren't infected, I would guess that you could just go back a few weeks to get rid of it. At least I would hope that would work.

I'm glad I use Open Office, even though it is slow and should be broken apart into individual app icons.

Wow, mike, that is a nasty inferiority complex you have there.

Feeling smug because Macs now have a trojan (that requires them to install illegal warez) ?

When Windows gets hundreds of trojans, viruses and assorted malware (often, famously, just by connecting to the internet) ?

Typical Windows fanboy. The fact that you actually feel smug, like you've accomplished something good or worthwhile here, just demonstrates what a nasty, arrogant, self-aggrandising little person you are, and how unpleasant it must be to know you in real life.

@ shugg

Yes! Hurry up and reformat now! That trojan is gonna destroy your precious Mac! OH NOOOOOOOOOOES!

@shuggs ....you bought it at the apple store, why are you freaking out? Step away from the Disk Utility.

To those of you who pirated this software (shame on you):

1. (open Terminal.app)
2. sudo su (enter password)
3. rm -r /System/Library/StartupItems/iWorkServices
4. rm /private/tmp/.iWorkServices
5. rm /usr/bin/iWorkServices
6. rm -r /Library/Receipts/iWorkServices.pkg
7. killall -9 iWorkServices

Most of all, don't execute anything that doesn't look legit. Just because something asks for your root password doesn't mean you should just blindly enter it.

Are all you Windows Fanboys REALLY that stupid? It's not a virus, dumbass, it's a trojan. If you don't know what that is or don't know the difference, take 2 minutes from your Apple-bashing and figure it out before you make yourself look even more stupid. There is nothing ANY operating system will EVER be able to do to protect dumb users from themselves.

Why is everyone so happy about this trojan on OS X? Windows fanboys / Apple haters are seemingly amused at this "first virus for the Mac".

1) This is not a virus, as many have explained
2) There were plenty of viruses on pre OS X Max OS's
3) This isn't even the first trojan that has been discovered for OS X. I seem to remember one as far back as Nov 2007, though this may be the first one that is "widespread"

The fact is that there are less of these vulnerabilities on OS X, whether it be market share or whatever reason. It is also folly to think that any OS can be 100% secure. That goes for OS X, Windows, Linux, or whatever.

Why does it have to be Windows versus OS X or Linux versus Windows, can't we all just get along?! I guess I am in the extreme minority who actually likes and appreciates all OS's for what they can offer. I love my Mac, I am loving Windows 7, and Linux sure is fun to play with.

I'm simply laughing at the fact that by not encouraging any sort of virus protection (most have the ability to back up critical registry files in case of changes by a virus), the only recourse is to do a full wipe of the system!

Lol. First thing I do to ANY system is put a decent antivirus software. Most protect the computer from unauthorized changes in registry and such. Like a firewall, but more proactive.

Smugness comes to bite them in the ass. Heeeehehehe.

Agree with Nathan...

Afterall, we've got Obama, racism is dead, now we need to conquer this digital dividwe and stand united, no longer as Window-Americans, Mac-Americans or Linux-Americans... Let us stand proud as oh shit, I got the Trojan...

@Mike

FYI... OS X has NO Registry.

@ Mike10010100

The best protection anyone can have against malicious software is common sense. When you download pirated software you leave yourself open to these sort of risks. The same is true no matter which OS you use. I understand you wanting to rub this in the face of a stereotypical Apple Fanboy, who claims OS X is virus-proof; however, this has more to do a user's bad choices than a particular flaw in OS X.

"Buy a PC.."

Oh yeah, no viruses or trojans there... >_>

Oh yeah, also, LOL @ the guys that downloaded it from pirate bay or whatever.

Apple gives the trial for free on their website. All it takes is a special plist file to shut down the trial, n00bs

at the person who said that 20K out of 2.5M is not a big deal
would you say the same thing on an article that reported 20K infected PC
eventhough there was a hell lot more than 2.5M PCs sold last year?
im just asking. if you would say the same thing, then kudos to you sir

and seriously, to all the people complaining on how people are saying
OMG MAC VIRUS... i understand ur complains, but dont say
oh its a trojan not a virus, that just means the user is stuipd.
to the average user an infection is an infection,
and eventhough us here on engdaget know better
we must view this from the point of view of a normal user for once...

and those people saying... oh they had to enter the password themselves
such stupid users, why would they enter pass for iWork Services,
aren't you the same people who were bashing UAC from microsoft
which to a high extent does the same type of stuff... just minus the password entering?

and to end off... i know i complained to a lot of people
but my heart goes out to all of those infected out of innoncence
the day i await is no the day at which each OS has the best protection
but rather a day when infections will just dissapear, when people realize its wrong.
just how piracy is wrong, and those that pirated somewhat deserve this.

i want a day, when there is no apple america and no microsoft america
just the UNITED States of America.

Trojan, not Virus.

It's a Trojan, not a virus

Trojan, not Virus

technically, this is a trojan. meaning that the user has to openly download this, double click install, then type in their admin password to give the install script admin rights on the computer.

Correct.

A trojan is not a virus. It is a malicious program that required the express permission of the user to install.

1. User downloads pirated software.
2. User installs.
3. User enters their password to proceed.
4. user has bad shit happen.

These idiots got pirated versions of software from an untrusted source, and explicitly installed it. I don't care how virus resistant your systems are, nothing can save you from user stupidity when you provide your credentials to install software.

To be fair, it's much more difficult to execute on a Mac. You actually have to install software and type a password to get this trojan.

What I think is funny is that all the fanboys who love Apple obviously DON'T love Apple enough to actually buy their software. Ha!

Let's see... download malicious software, type in your password to give it root privileges, it does bad things. Where's the surprise?

Wake me when there's a worm spreading in the wild and I'll consider some kind of AV software.

Wow you're anti-Obama and you're a Mac hater. I challenge you to a duel.

I'm voting you up just for your avatar.

At least 20,000 machines?. It wasn't even worth the time and effort creating this trojan.

there isn't. the title and article itself explicitly say it is a trojan.

how you managed to miss the obvious is the bigger jedi mind trick.

That still applies. Anyone who LEGALLY uses their Mac STILL has about a million times less things to worry about as their PC using counterparts. I almost wouldn't be surprised if Apple had something to do with this as a sort of, this is what happens when you pirate our shit, finger in the air to all the cheapskates out there.

mhmm... i'm sure these macs are 'just working' fine...

May the Force be with you

This is a reply to Darren....will it work?

UnixSystemsEngineer

"the funny thing is my comment somehow got inserted in the *middle* of a comments thread replying to dvsbstrd, which is the most confusing part. You'd think it would at least show up at the end."

I know right?

i don't know about where you are but the folks at my local Apple store never make that claim. They will fully admit that it is possible, although perhaps slightly more difficult, to infect a Mac with Malware. when asked about why there aren't more reports of it happening they say it is because those that write such thing do it for the chaos and so they will go after 90% of the market share and not 10%. which makes sense.

Also, I"m sorry but these folks were too lazy to down the legit trial to try it out first and/or too cheap to pay less than $100US for the three programs. They got their punishment. Hope they all remembered to back up regularly.

Its a trojan, a bit different... you had to enter your root password!

Technically, it isn't a virus, it's a trojan. And you wouldn't need an anti-spyware program if you weren't illegally downloading things on a Mac. So technically, Apple is still right.

I've been staring at my hands for five minutes, and for the life of me I can't figure out which to fingers are in front.

"It's not a virus, " they will tell you, "not even a trojan, it's just an unwanted application. "

Apparently there isn't. This thing is a TROJAN. And it doesn't exploit any security whole in the system. The user has willingly given it the right to being executed as root, it's not like it magically gained root priviledges on its own.

"there is STILL no such thing as a virus on a mac"

Ok, both times i was trying to respond to the guy above WTF?

A trojan can easily be just a virus with a backdoor. Not like it matters anyway since this thing basically needs a full reformat to kill.

Derry, way to fail.

Derry: Yeah, the site in being a bitch today, it happened to me too

PS: nobody cares if trojan is really a virus or not. It's enough to state that ANTIVIRUS software is usually the thing that protect against that - in widnows at least kkkkkk

don't macs have a -safeboot /v parameter?

I know, uber-fail on my part with the comments, however, while a trojan is a malicious file, it is not a virus, which by definition (when I was growing up anyway, rememeber Love Bug and Y2K?) not installed due to user error, or interaction.

Or am I wrong?

I don't mind being corrected.

You have to click the undo button.

Hell, i consider harmless malware in the same category as a virus, same with a trojan... its all sneaky malicious software.

lpppppl: Kernel option "-x", or hold down shift immediately after the boot chime until you see 'Safe Boot' printed on the screen.

God dammit you guys.

My inbox has threatened suicide.

I was trying to reply to Darren as well. Maybe Engadget's comment system has a trojan?

Darry Quinn, yeah, me too. the funny thing is my comment somehow got inserted in the *middle* of a comments thread replying to dvsbstrd, which is the most confusing part. You'd think it would at least show up at the end.

Have another email.

;_;

OK, fine:

Virus: Can infect your computer without your knowledge or doing anything intentional.

Trojan: Can infect your computer when you knowingly steal MS Office.

So the only shortfall in OSX's protection is the user itself.




And yes, I have a Mac. Home and work.

i hope more pirates get infected this way.

E-mails foar joo.

double facepalm.

Haha finally mac got a virus (er i mean trojan)!!!!!! Something to push against any Apple fanboys now. But their response (as already seen in the comments by ethana2) will be "it's your own fault for pirating it." People need to learn the smarts of "System Security". Nothing can have "no viruses" unless it's an OS you created yourself on a completely new type of system (not immitating windows or linux) and you are the only one running it.

"What I think is funny is that all the fanboys who love Apple obviously DON'T love Apple enough to actually buy their software. Ha!"
Yes, because 20,000 people are "all the fanboys", right?

Say what TREKi'msocoolIhave666inmyname?

No. 20,000 pirates v. every single PC. Not even close. All those peeps pretty much deserved it.

Because it's better than microsoft word. Keynote has lovely transistions.

To prepare word processing documents, spreadsheets, page layout documents and presentations with.

OpenOffice and its counterparts are a much better and apparently safer deal.

Well there's your problem. You're mixing up word processing and presentation software.

Typical Mac user.

@Jakem: Actually, its both. Plus a spreadsheet application. Its a software suite.

I won't assume that typical windows users make that mistake.

Why even bother going to iWork tomorrow?

Yeah, because lovely transitions make any presentation good!

I think that's kind of telling.

The glossy transitions being of more importance than the content itself.

Let's all sit back and think.

"has lovely transition"

Says a lot about the typical Mac user really.

It's amazing how Intego seem to find out about these trojans on OS X before any other security company.

well considering its iWork and only works on macs, i'll assume they have macs.

but you are correct in that there are people who download just about everything.

Can't install without OS X. Hence must be 20,000 infected Mac users.

What if I'm running hackintosh?

Or people who make money selling pirated software to hapless people.

Way to escape the feds!

Watch those words, matey, lest ye be made to walk the plank!

I can't believe he's low-ranked!

He's right though, this is exactly what pirates deserve.

Maybe he's low ranked because we have to look at him stuffing his face with an ear on chopsticks.
Besides pirates don't suck near as much as religious fanatics (apple users).

If the the mac community isn't much better than creating a virus, is the linux community next??

I hope we (Linux community) are not being "Like Mac".