Trojan virus spreads to as many as 20,000 Macs

Mac users who think they’ve stumbled upon greatness in the form of an alleged copy of iWork ’09 on torrent sites, take note – it contains a nasty trojan known as OSX.Trojan.iServices.A. First identified by Intego Security, the trojan works like so:

When installing iWork 09, the iWorkServices package is installed. The installer for the Trojan horse is launched as soon as a user begins the installation of iWork, following the installer’s request of an administrator password. This software is installed as a startup item (in /System/Library/StartupItems/iWorkServices, a location reserved normally for Apple startup items), where it has read-write-execute permissions for root. The malicious software connects to a remote server over the Internet; this means that a malicious user will be alerted that this Trojan horse is installed on different Macs, and will have the ability to connect to them and perform various actions remotely. The Trojan horse may also download additional components to an infected Mac.

It’s important to note that while this is by no means the first trojan virus outbreak that Mac users have had to deal with, it is of special interest. Unlike trojans of years past, this is the first time hackers have taken the time to embed a malicious script in software that a lot of people are keen to get, and to have it actively contact remote servers to cause even more damage to infected systems. If you think your system is infected, the cleanup process is simple, but unfortunately it does require a complete wipe. Open Terminal and enter the following:

  1. sudo su (enter password)
  2. rm -r /System/Library/StartupItems/iWorkServices
  3. rm /private/tmp/.iWorkServices
  4. rm /usr/bin/iWorkServices
  5. rm -r /Library/Receipts/iWorkServices.pkg
  6. killall -9 iWorkServices
  7. Wipe, reformat and reinstall OS X from your master disc
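
Before running the removal steps, the same paths can be checked without changing anything. The script below is an added example, not part of the original article or of Intego's alert; the function names and the optional ROOT argument (for checking a mounted backup or disk image instead of the running system) are assumptions.

```sh
#!/bin/sh
# Added example: read-only check for the iWorkServices files named in the
# removal steps. Function names and the ROOT argument are assumptions.

# Paths from the article, relative to the volume root.
IWS_ARTIFACTS='System/Library/StartupItems/iWorkServices
private/tmp/.iWorkServices
usr/bin/iWorkServices
Library/Receipts/iWorkServices.pkg'

# Print each artifact that exists under ROOT (default: /), one per line.
find_iworkservices_artifacts() {
    root=${1:-/}
    root=${root%/}
    printf '%s\n' "$IWS_ARTIFACTS" | while IFS= read -r rel; do
        path="$root/$rel"
        # -e is false for a dangling symlink, so test -L as well.
        if [ -e "$path" ] || [ -L "$path" ]; then
            printf '%s\n' "$path"
        fi
    done
}

# Succeed if a process whose executable is named iWorkServices is running.
iworkservices_running() {
    ps -A -o comm= 2>/dev/null |
        awk -F/ '$NF == "iWorkServices" { hit = 1 } END { exit !hit }'
}

# Report findings; return 1 if anything was found, 0 if the volume looks clean.
check_iworkservices() {
    target=${1:-/}
    hits=$(find_iworkservices_artifacts "$target")
    rc=0
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits" | sed 's/^/artifact present: /'
        rc=1
    fi
    # The process check only makes sense for the running system.
    if [ "$target" = "/" ] && iworkservices_running; then
        echo 'process running: iWorkServices'
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "no iWorkServices artifacts under $target"; fi
    return "$rc"
}

# Run when given a volume root, e.g.: sh check_iworkservices.sh /
if [ "$#" -gt 0 ]; then check_iworkservices "$1"; fi
```

A clean result only means these four paths and the process name are absent; the quoted description notes that the Trojan horse may download additional components, which this check does not cover.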

Moral of the story: Buy your software or risk paying the price in other ways.

[Via MacRumors]

52 Comments
  • Ann

    I have tried to find the virus, just so I could install it on my Mac. I am not afraid of it. Time Machine will have me back up and running in 20 minutes if anything happened without losing a beat.

    Besides, it appears that you do not even need any removal tools if you actually know your Mac OS. There are only a few places where any new systems files would appear and you can easily locate them, delete them and remove it from the Startup Items in System Preferences. It couldn’t be easier. Virus Schmirus. Trojan Shmojan.

    Windows users can get a good guffaw over the fact that a single pseudo trojan is supposed to trump their annual average of 250,000 trojans, viri, and worms, but the key word on this one would be “pseudo.” It’s laughable. If I download a retro Pac Man game and enter my SU username and password to install it and put it in my Startup Items, then when I boot up my computer I will run Pac Man every time, without fail, and have a good ole’ time doing it too. By the same token, if I download some mystery software written by Wong Do Chang, somewhere in Beijing, and enter in my SU username and password to install it, and Wong Do programs it to reside in my startup items, then guess what? Wong Do’s program is going to run when I boot up and it will do whatever it is that Wong Do wanted it to do. Let’s just hope Wong Do is out there writing something really cool and fun like Pac Man!

    I noticed that the PC users on this forum have mediocre to poor grammar. The Mac users seem to have been to an English class or two. I wonder if any insight can be gained from this observation?

    So, what have we learned here? Well, it seems that PC users are like vultures just waiting to pounce on Mac users when they get that first horrible virus to make up for the millions that have plagued them over the years. We have also learned that this was not really a trojan, but is in fact a program much like any other, except that it is downloaded and installed manually by users without their knowledge, because they think they are installing something else. Finally, we have confirmed the fact that there are a lot of morons out there who don’t know the difference between a virus, a trojan, or a stupid mistake.

  • ml

    I know it’s a bit late, but what on earth do you think a trojan is, Anne? You know, the trojan horse that was let inside the city believing it to be a gift. Instead it turned out to be something nasty? You know the story. See the similarities in downloading something you believe to be a free gift and then finding out that there is something nasty in it. Mac users seem to believe that PC users just go around the internet collecting programs without any interaction at all. It’s not like that in the real world and maybe you need to open your eyes to the real world. You try and play a video and it says sorry, you’ll need to download a codec to play that. You do and boom, you have a trojan. You allowed it to be installed because you believed you needed it. That is the real world and Macs are as vulnerable, if not more, because most PC users have software to tell them that they have just made a serious error. Mac users could be harbouring unknown trojans. Learn what you are talking about before belittling anyone else.
