iWork '09 trojan infects at least 20,000 machines? - HotUKDeals

Charlie23, posted 7 years, 11 months ago
Found this on a blog spot - originally from http://www.engadget.com. Thought I would post it because there was a post to get a free download not so long ago on here!

Quite a number of no-goodniks who thought they'd save a few bucks by downloading a pirated version of iWork '09 have gotten more than they'd bargained for -- in the form of a Trojan Horse called OSX.Trojan.iServices.A. This guy installs itself in the computer's startup as root, and once in place it can connect to a remote server and broadcast its location, allowing malicious users to take charge of the machine remotely. And since it has root access to the OS, the trojan can not only install additional components but can also modify existing apps, making this thing extremely difficult to remove. According to a white paper released by Intego, at least 20,000 people may have downloaded the infected software -- which they'll get around to installing as soon as they finish those episodes of Celebrity Rehab they grabbed at the same time.

All Comments (11)
#1
So is there no cure?
#2
I think they are trying to remedy it.
#3
linw wrote: "So is there no cure?"

Buying it rather than illegally downloading it would be a good preventative measure :whistling:
#4
I downloaded it from Apple, the 30-day trial so it shouldn't be in there.
#5
linw wrote: "So is there no cure?"

Apparently this should work:
1. (open Terminal.app)
2. sudo su (enter password)
3. rm -r /System/Library/StartupItems/iWorkServices
4. rm /private/tmp/.iWorkServices
5. rm /usr/bin/iWorkServices
6. rm -r /Library/Receipts/iWorkServices.pkg
7. killall -9 iWorkServices
#6
Magic_monkey wrote: "I downloaded it from Apple, the 30-day trial so it shouldn't be in there."

This is the version that people downloaded over p2p. The trial version should be ok.
#7
Turn on show hidden/invisible files and search for iWorkServices in /System/Library/StartupItems.


iWorkServices is the malicious Trojan that's installed along with iWork.
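
The paths named in comments #5 and #7 can be checked without deleting anything. The script below is an added example, not part of the original thread: a read-only check for those four paths and for a running process named iWorkServices. The function names and the optional ROOT prefix are assumptions of this example.

```sh
#!/bin/sh
# Added example: read-only check for the iWorkServices files named in this thread.
# Nothing is deleted. Function names and the ROOT prefix are this example's own.

# The four paths from the removal steps in comment #5.
IOC_PATHS="/System/Library/StartupItems/iWorkServices
/private/tmp/.iWorkServices
/usr/bin/iWorkServices
/Library/Receipts/iWorkServices.pkg"

# scan_iworkservices [ROOT]
# ROOT is an optional prefix so the check can also run against a mounted
# backup or disk image. Prints "FOUND <path>" per hit, nothing if clean.
scan_iworkservices() {
    root="${1:-}"
    root="${root%/}"            # "/" or a trailing slash must not double up
    printf '%s\n' "$IOC_PATHS" | while IFS= read -r p; do
        # -e misses a dangling symlink, so test -L as well
        if [ -e "$root$p" ] || [ -L "$root$p" ]; then
            printf 'FOUND %s\n' "$root$p"
        fi
    done
}

# process_running: succeeds if a process named iWorkServices is running
# (the name targeted by "killall -9 iWorkServices" in the thread).
process_running() {
    ps -A -o comm= 2>/dev/null |
        awk -F/ '$NF == "iWorkServices" { hit = 1 } END { exit !hit }'
}

# check_host [ROOT]: returns 1 if any artefact (or, on the live system, the
# process) is found, else 0. The process check is skipped when ROOT is given.
check_host() {
    hits=$(scan_iworkservices "${1:-}")
    if [ -z "${1:-}" ] && process_running; then
        hits=$(printf '%s\n' "$hits" "RUNNING iWorkServices" | sed '/^$/d')
    fi
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits"
        echo "iWorkServices artefacts found; per the thread, the trojan installs itself as root."
        return 1
    fi
    echo "No iWorkServices artefacts found under ${1:-/}."
}
```

Call `check_host` for the live system, or pass a mount point as the argument. A clean result covers only these four paths and the process name; it says nothing about additional components the trojan may have installed.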
#8
Well, if it has root you may be able to remove the trojan, but you will never know what other backdoors the person in control has opened up.
The rule of any Unix-based OS is to reinstall if root has been compromised.
#9
megalomaniac wrote: "Buying it rather than illegally downloading it would be a good preventative measure :whistling:"

Just to clarify, I haven't got this trojan and have not downloaded illegally from anywhere; I was just wondering.
#10
Magic_monkey wrote:
Apparently this should work:
1. (open Terminal.app)
2. sudo su (enter password)
3. rm -r /System/Library/StartupItems/iWorkServices
4. rm /private/tmp/.iWorkServices
5. rm /usr/bin/iWorkServices
6. rm -r /Library/Receipts/iWorkServices.pkg
7. killall -9 iWorkServices

Is this a program or DOS?
#11
linw wrote: "Is this a program or DOS?"

Terminal is the Mac equivalent of DOS.
