Mac Botnet Launching DDOS Attacks
#1
http://blogs.zdnet.com/security/?p=3157

All because you downloaded the torrent instead of hitting the newsgroups buying legit software.

You should be ashamed of yourselves.

Malware hunters at Symantec have discovered a direct link between a malicious file embedded in pirated copies of Apple’s iWork 09 software and what appears to be the first Mac OS X botnet launching denial-of-service attacks.

Writing in the current issue of Virus Bulletin (subscription required), researchers Mario Ballano Barcena and Alfredo Pesoli found two malware variants — OSX.Iservice and OSX.Iservice.B — using different techniques to obtain the user’s password and take control of the infected Mac machine...
Reply
#2
I am skeptical.
Reply
#3
Doc wrote:
Malware hunters at Symantec have discovered a direct link between a malicious file embedded in pirated copies of Apple’s iWork 09 software and what appears to be the first Mac OS X botnet launching denial-of-service attacks.

Writing in the current issue of Virus Bulletin (subscription required), researchers Mario Ballano Barcena and Alfredo Pesoli found two malware variants — OSX.Iservice and OSX.Iservice.B — using different techniques to obtain the user’s password and take control of the infected Mac machine...
It sounds a little weasel wordy. They found a "link". "... what appears to be the first Mac OS X botnet...". Do they have conclusive evidence or not? How big of a botnet could you really build off of pirated copies of iWork anyway if you're not using a method designed to propagate from machine to machine?

It seems like if you wanted to really build a good sized botnet you'd use something hotter and "sexier" than iWork. But I guess you never know. Still, I can't help but detect at least a slight whiff of FUD.
Reply
#4
I'm not too skeptical. It's a classic trojan horse, not a 'virus' or classic Windows malware that is delivered through some sort of web-by thing.

The morans who downloaded this actually installed it using their administrative passwords. So unless they're running Little Snitch or the firewall, they've been ownzed.
Reply
#5
'Thing is, the trojan was detected pretty early on. 'Easy enough to figure out what it'd do. The only question was when it was gonna be used.
http://www.macworld.com/article/138432/p...oshop.html

Press releases from Symantec are often little more than fear-mongering, but this was not published in a press-release. It came out in a trade-publication where people will undoubtedly try to reproduce their results.
Reply
#6
News about the trojan surfaced 4 months ago.

INTEGO SECURITY ALERT - January 22, 2009 Mac Trojan Horse OSX.Trojan.iServices.A Found in Pirated Apple iWork 09 http://www.intego.com/news/ism0901.asp
Symantec uncovers Trojan concealed in pirate copies of Apple’s iWork ‘09 http://www.symantec.com/en/uk/about/news...0090123_11
Mac OS X Malware found in pirated Apple iWork 09 January 22nd, 2009 8:53 am* http://blogs.zdnet.com/security/?p=2418
iWork '09 Torrent Carrying OS X Trojan [Updated] January 22, 2009 02:19 PM EST http://www.macrumors.com/2009/01/22/iwor...-x-trojan/
Trojan hides in pirated copies of Apple's iWork '09 http://www.computerworld.com/action/arti...ticleBasic&articleId=9126609
Trojan found in pirated Apple iWork software January 22, 2009 1:07 PM PST http://news.cnet.com/8301-1009_3-10148359-83.html
Mac Trojan Hidden Beneath Pirated iWork ‘09 January 23, 2009 http://blog.trendmicro.com/mac-trojan-hi...-iwork-09/
Intego: Mac trojan horse found in pirated Apple iWork ‘09 January 22, 2009 11:37 AM EDT http://www.macdailynews.com/index.php/we...nts/19844/
Intego: Pirated iWork ‘09 Hides Trojan January 22nd, 2009 at 9:01 AM http://www.macobserver.com/tmo/article/i...es_trojan/
BitTorrent copies of iWork '09 may contain nasty Trojan Jan 22nd 2009 http://www.tuaw.com/2009/01/22/bittorren...ty-trojan/
I think that is most of the major links from http://macsurfer.com/?ndate=2009-01-22

News about the attacks surfaces.

* iBotnet: Researchers find signs of zombie Macs April 16th, 2009 http://blogs.zdnet.com/security/?p=3157

Edit: D'oh! forgot the link to a removal utility.
iWorkServices Trojan Horse Removal Tool for Mac OS X Free PSA - OSX.Trojan.iServices.A http://macscan.securemac.com/iworkservic...r-mac-os-x
Reply

