iWork ‘09 virus affects 20,000+

Trojan Virus affects thousands of pirated copies of Apple’s iWork ‘09 Suite

20090122-apple-iwork

Malware masquerading as part of Apple’s iWork ‘09 suite has targeted unsuspecting Mac users foolish enough to illegally download and install the pirated version of the software commonly found on warez sites around the Web.

Once iWork ‘09 is downloaded and installed, the trojan horse named OSX.Trojan.iServices.A, obtains unrestrained root access, which it immediately uses to connect to a remote server over the Internet. A secondary download installs malware that makes victims part of a botnet army that is said to be attacking undisclosed websites. According to Mac antivirus software maker Intego, this is the latest reminder of the growing popularity of Apple’s OS X and virus & malware developers. Over the past year, a mix of trojans and exploits have been targeting OS X at increasing rates.

Update: If you were one of the unfortunate users to get infected with the iWork ‘09 virus or the Photoshop CS4 virus, SecureMac.com, Inc. has developed an “iServices Trojan Removal Tool” that successfully checks for an deletes both virus versions (OSX.Trojan.iServices.A and OSX.Trojan.iServices.B). To download the virus-remover please visit MacUpdate at the end of the article.

It is believed that more than 20,000 50,000 people have already downloaded the rogue installer. The pirated software does however contain a fully functional version of iWork.

We urge all readers and users to purchase software to avoid viruses and malware and most importantly to support the hard working people who spend countless hours fine-tuning and designing great software.

Apple iWork '09 Virus found in Adobe Photoshop CS4

Important Update: The offspring of the iWork ‘09 virus has been found in over 10,000+ downloads of Adobe’s Photoshop CS4 professional photo editing software.

The new spawn is named OSX.Trojan.iServices.B and has the same malicious intent as the original virus from iWork ‘09. Please follow the link below to read AtomicSub’s article on the Photoshop CS4 virus.

Intego Security has classified this as a serious risk, more at the link:

Click here to read AtomicSub’s article on the new Adobe Photoshop CS4 Trojan Virus.

Click here to download the iServices Trojan Removal Tool from MacUpdate.com

Norton Internet Security 2009 - 2-yr Protection

10% OFF - NEW Norton Internet Security 2009 (code: 10offnis09, ends 2/28/09)

Share and Enjoy:
  • E-mail this story to a friend!
  • Print this article!
  • Reddit
  • Digg
  • del.icio.us
  • TwitThis
  • Live
  • Google
  • Sphinn
  • MySpace
  • Facebook
  • StumbleUpon
  • LinkedIn
  • Mixx
  • Technorati

16 Comments

  1. Rick says:

    don’t steal software and buy it, you won’t have these problems!

    1. Mystech says:

      Indeed, always buy from large manufacturer’s because their products are safe, secure and fair.

      *cough* Sony Root Kit *cough*
      *cough* Infected Digital Picture Frames*
      *cough* Faulty/Malicious OS X & Windows Patches*
      *cough* Invasive system monitoring World of Warcraft*

      Whew, I need to have this cough looked at. It’s getting serious. :-)

      1. comacozy says:

        its not the virus in majority that crash and slow down a PC or any computer out there its the spy wear and malwear that fuck up the systems from any website that has a popups on them that is what slows down a computer beyound all reason. Ive had 4 pc over the last 8 years and only recieved two virus’s on my computers.

  2. Arnold S. says:

    Strange that all of the sudden two identical trojans are released into the unholy world of bittorrenting and piracy… could be the pirates, maybe AV makers trying to spike sales, but certainly odd from a security perspective.

  3. [...] Go here to learn how to remove the Photoshop CS4 OSX.Trojan.iServices.B with a new tool from SecureMac.com, Inc. Share and Enjoy: [...]

  4. JImmy Dolittle says:

    Wow you just gotta hate those stupid trojans!

    RT
    http://www.online-anonymity.at.tc

  5. nirs says:

    No, don’t buy your software - use free software, and you will not have this virus.

    Instead of PhotoShop, you can use Gimp http://gimp.org/

    1. rhavenn says:

      Yeah, it’s not like development repository servers have ever been hacked and had malicious code inserted into the code tree. Open source is all great and good, but it’s not like you scan the source before installing a package, etc…. Granted, more eyes are paying attention and a problem like that is usually caught quickly. However, potentially it could cause issues as repositories are normally blindly trusted by majority of users.

      note: I run FreeBSD and Linux exclusively, so no flaming on that note.

  6. JT says:

    It’s about time. Too many smug repetitions of “Only windows computers get viruses!” from idiot mac users have driven someone to finally do something about it.

    Namely, proving that running executable code can destroy any operating system, period, and the only thing preventing that is a smart user.

    This story makes me so happy. Hopefully, it will shut the collective mouth of the mac propaganda army for a brief moment…

    1. sp says:

      Not really, the mac still has no viruses, nothing that can spread wildly like on the windows side. These little toys are a pathetic attempt to scare people. The fact is, you have to download it to your computer, run it, give it your root password and only then can it do anything. This is a non story. I can write you a simple script for any OS that if you run it and give it an admin password it will wipe your drive or any number of bad things, that doesn’t make it a virus. This just shows stupid people can be stupid. The fact is, there are still zero real viruses in the wild for OSX that spread on their own and replicate, that can’t be said for windows. So yes I will continue to be smug because I am safe from all those, and for crap like these trojans, I’m not stupid enough to supply my password.

      1. Mystech says:

        So what we are saying here is that the perceived security of OS X has created a substantial number of users that will give out their admin password because they believe that security best practices are not necessary because the OS X will protect them. It’s like some SUV owners that drive aggressively because they think their vehicle is invincible. And for the record, I own and use Windows, OS X and Linux machines. I’ve seen them all break and fall short of the fanboi delusions of each to know better than to buy the posturing.

        1) Turn down Fall Out Boy in iTunes
        2) READ the dialogue box
        3) Learn to use the Cancel/Deny button, it works with even one mouse button.

  7. eulogioua says:

    Get Little Snitch. It’s a firewall that blocks OUTGOING connections, instead of incoming. This way it will tell you that a program wants to access the internet. If I would have downloaded either of these programs (iWork of CS4), Little Snitch would have warned me and told me the name of the program (virus) BEFORE it access the internet. Nothing would get downloaded, and I would then know that another program is installed that I didn’t install and then I would have researched it and removed it before any damage was done. Been running OS X for 4 years and still virus free and will be for the unforeseeable future. You just have to be smart about the being on the internet no matter what Operating System you are using.

    SP: If you wanted to install iWork ‘09 you HAVE to give your admin password, and then you would have the “virus”. It was part of the actual install, not a seperate install, so if you planned on installing that version of iWork, read all the warnings and EULA, you would still have a “virus” installed and you would have no idea because it was included in the actual install of iWork (see above to prevent most viruses/trogans/malware from doing any damage). That’s why this “virus” was a bad one.

    This is more of a social engineering stunt than anything. Whoever released this knew that people would download it, and then HAVE to give out their password in order to actually install the program. Very clever on their part.

    Final comment, be smart when surfing the web and protect yourself.

    eulogious

  8. Moose says:

    [quote]Namely, proving that running executable code can destroy any operating system, period, and the only thing preventing that is a smart user.[/quote]
    Lets just pretend that is the only way a Windows machine can get a virus and forget about RPC DCOM exploits from the past.

  9. jklklj says:

    Its ok, most mac users have STD, now their crap macs are infected too. Macs are for pretentious asswipes.

    1. Municks says:

      Wow that must be the most ignorant thing I’ve read this week. I’m not seeing where this perceived notion is coming from that all Mac users have their nose stuck in their asses. Visual artists (graphic designers,etc.) popularized the Mac because it is a FACT Mac OS is easier to use for those less technologically minded and JUST WORKS and doesn’t bother you about updates, virus protection, firewall, etc. The “pretentious asswipes” came after the fact.

      I am by no means a fanboy as I dual boot Vista just to play my games but you can’t say PC users are not immune to showing off their e-peen such as by putting their ‘leet’ stats in signatures on overclocking forums. PC and Mac each have their individual uses in the business world, it’s just people like you that turn the differences into childish “my dad is stronger than yours” type battles.

  10. [...] This is by far the worst assumption made about a Mac. The reason there may not be any viruses around for macs is because of their awful market share. Why would someone code a virus that only effects a small amount of people when they could spend equal time coding a virus that would effect a much larger user base. Recently, however, there was a trojan inside copies of iWork 09 and Adobe Photoshop CS4 found on P2P networks. The trojan was said to effect an estimated 50,000 people. You can read more about the trojan here. [...]

Leave a Reply