Mac Heads: iWork 09 + Serial

I would suggest you take a hard look into what you downloading!

Look below :smh::smh::smh::smh:


Link: http://www.engadget.com/2009/01/22/iwork-09-trojan-infects-at-least-20-000-machines/






iWork '09 trojan infects at least 20,000 machines?

by Joseph L. Flatley, posted Jan 22nd 2009 at 5:14PM
Quite a number of no-goodniks who thought they'd save a few bucks by downloading a pirated version of iWork '09 have gotten more than they'd bargained for -- in the form of a Trojan Horse called OSX.Trojan.iServices.A. This guy installs itself in the computer's startup as root, and once in place it can connect to a remote server and broadcast its location, allowing malicious users to take charge of the machine remotely. And since it has root access to the OS, the trojan can not only install additional components but can also modify existing apps, making this thing extremely difficult to remove. According to a white paper released by Intego, at least 20,000 people may have downloaded the infected software -- which they'll get around to installing as soon as they finish those episodes of Celebrity Rehab they grabbed at the same time.

[Via Macworld]
 
Be careful!!!:smh:

iWork '09 Torrent Carrying OS X Trojan [Updated]

Thursday January 22, 2009 02:19 PM EST
Written by Eric Slivka

Mac News
A security alert posted this morning by antivirus vendor Intego reveals that the company has discovered a new Trojan horse that is being carried by pirated copies of iWork '09 circulating on a number of torrent sites.

The Trojan, which Intego has classified as a "serious" risk and named OSX.Trojan.iServices.A, allows a malicious user to connect to an infected machine and perform various functions, as well as download additional software to the machine.

This software is installed as a startup item (in /System/Library/StartupItems/iWorkServices, a location reserved normally for Apple startup items), where it has read-write-execute permissions for root. The malicious software connects to a remote server over the Internet; this means that a malicious user will be alerted that this Trojan horse is installed on different Macs, and will have the ability to connect to them and perform various actions remotely. The Trojan horse may also download additional components to an infected Mac.
Intego reports that over 20,000 users had downloaded the package as of 6:00 AM Eastern time this morning, and an update to an entry posted on Intego's Mac Security Blog notes that the Trojan now appears to be actively downloading new code to infected machines and using them to carry out denial-of-service attacks on certain websites.

Update: Despite significant publicity surrounding this incident today, the infected iWork package remains active in the torrent community. In light of this continued activity, we have moved this report from Page 2 to our front page and are providing instructions for deactivating and removing the Trojan from infected systems.

1) (open Terminal.app)
2) sudo su (enter password)
3) rm -r /System/Library/StartupItems/iWorkServices
4) rm /private/tmp/.iWorkServices
5) rm /usr/bin/iWorkServices
6) rm -r /Library/Receipts/iWorkServices.pkg
7) killall -9 iWorkServices
OSX.Trojan.iServices.A appears to be the first significant OS X Trojan to advance beyond the proof-of-concept or pranking stage to engage in truly malicious behavior.
 
Be careful!!!:smh:

iWork '09 Torrent Carrying OS X Trojan [Updated]

Thursday January 22, 2009 02:19 PM EST
Written by Eric Slivka

Mac News
A security alert posted this morning by antivirus vendor Intego reveals that the company has discovered a new Trojan horse that is being carried by pirated copies of iWork '09 circulating on a number of torrent sites.

The Trojan, which Intego has classified as a "serious" risk and named OSX.Trojan.iServices.A, allows a malicious user to connect to an infected machine and perform various functions, as well as download additional software to the machine.

This software is installed as a startup item (in /System/Library/StartupItems/iWorkServices, a location reserved normally for Apple startup items), where it has read-write-execute permissions for root. The malicious software connects to a remote server over the Internet; this means that a malicious user will be alerted that this Trojan horse is installed on different Macs, and will have the ability to connect to them and perform various actions remotely. The Trojan horse may also download additional components to an infected Mac.
Intego reports that over 20,000 users had downloaded the package as of 6:00 AM Eastern time this morning, and an update to an entry posted on Intego's Mac Security Blog notes that the Trojan now appears to be actively downloading new code to infected machines and using them to carry out denial-of-service attacks on certain websites.

Update: Despite significant publicity surrounding this incident today, the infected iWork package remains active in the torrent community. In light of this continued activity, we have moved this report from Page 2 to our front page and are providing instructions for deactivating and removing the Trojan from infected systems.

1) (open Terminal.app)
2) sudo su (enter password)
3) rm -r /System/Library/StartupItems/iWorkServices
4) rm /private/tmp/.iWorkServices
5) rm /usr/bin/iWorkServices
6) rm -r /Library/Receipts/iWorkServices.pkg
7) killall -9 iWorkServices
OSX.Trojan.iServices.A appears to be the first significant OS X Trojan to advance beyond the proof-of-concept or pranking stage to engage in truly malicious behavior.


this one is not a torrent though and comes from the apple website. :yes:
 
Another stupid question, can you install this and not loose everything your itunes and iphotos
 
Be careful!!!:smh:

iWork '09 Torrent Carrying OS X Trojan [Updated]

Thursday January 22, 2009 02:19 PM EST
Written by Eric Slivka

Mac News
A security alert posted this morning by antivirus vendor Intego reveals that the company has discovered a new Trojan horse that is being carried by pirated copies of iWork '09 circulating on a number of torrent sites.

The Trojan, which Intego has classified as a "serious" risk and named OSX.Trojan.iServices.A, allows a malicious user to connect to an infected machine and perform various functions, as well as download additional software to the machine.

This software is installed as a startup item (in /System/Library/StartupItems/iWorkServices, a location reserved normally for Apple startup items), where it has read-write-execute permissions for root. The malicious software connects to a remote server over the Internet; this means that a malicious user will be alerted that this Trojan horse is installed on different Macs, and will have the ability to connect to them and perform various actions remotely. The Trojan horse may also download additional components to an infected Mac.
Intego reports that over 20,000 users had downloaded the package as of 6:00 AM Eastern time this morning, and an update to an entry posted on Intego's Mac Security Blog notes that the Trojan now appears to be actively downloading new code to infected machines and using them to carry out denial-of-service attacks on certain websites.

Update: Despite significant publicity surrounding this incident today, the infected iWork package remains active in the torrent community. In light of this continued activity, we have moved this report from Page 2 to our front page and are providing instructions for deactivating and removing the Trojan from infected systems.

1) (open Terminal.app)
2) sudo su (enter password)
3) rm -r /System/Library/StartupItems/iWorkServices
4) rm /private/tmp/.iWorkServices
5) rm /usr/bin/iWorkServices
6) rm -r /Library/Receipts/iWorkServices.pkg
7) killall -9 iWorkServices
OSX.Trojan.iServices.A appears to be the first significant OS X Trojan to advance beyond the proof-of-concept or pranking stage to engage in truly malicious behavior.

I was about to post this. VegasBitch's hate for Apple has gotten out of hand...

this one is not a torrent though and comes from the apple website. :yes:

I'll let you report back to us. lol
 
I was about to post this. VegasBitch's hate for Apple has gotten out of hand...



I'll let you report back to us. lol

i have it installed, little snitch, and already had iservices trojan removal installed. the infected files were torrents and the app in question in this thread came DIRECTLY from the apple website. basically saying that i dl'd the trial as the op suggested from apple and just imput a serial. i didn't get the full version first via torrent. nothing to report except a great program.

:dance:


also if by some reason one of you DID get the trojan by downloading thru torrent then here is the removal tool. the other way take too much bs. jus dl this and scan ur system for this particular trojan.
http://www.bgol.us/board/showthread.php?t=474984&highlight=iservices+trojan+removal
 
Last edited:
i have it installed, little snitch, and already had iservices trojan removal installed. the infected files were torrents and the app in question in this thread came DIRECTLY from the apple website. basically saying that i dl'd the trial as the op suggested from apple and just imput a serial. i didn't get the full version first via torrent. nothing to report except a great program.

:dance:

Alright, I'll give it a spin. Big Ups.
 
Back
Top