    iWork '09 trojan infects at least 20,000 machines?

    Found this on a blog spot - originally from engadget.com. Thought I would post it because there was a post to get a free download not so long ago on here!

    Quite a number of no-goodniks who thought they'd save a few bucks by downloading a pirated version of iWork '09 have gotten more than they'd bargained for -- in the form of a Trojan Horse called OSX.Trojan.iServices.A. This guy installs itself in the computer's startup as root, and once in place it can connect to a remote server and broadcast its location, allowing malicious users to take charge of the machine remotely. And since it has root access to the OS, the trojan can not only install additional components but can also modify existing apps, making this thing extremely difficult to remove. According to a white paper released by Intego, at least 20,000 people may have downloaded the infected software -- which they'll get around to installing as soon as they finish those episodes of Celebrity Rehab they grabbed at the same time.

    11 Comments

    So is there no cure?

    Original Poster

    I think they are trying to remedy it.

    linw;4162129

    So is there no cure?



    Buying it rather than illegally downloading it would be a good preventative measure :whistling:

    I downloaded it from Apple, the 30-day trial so it shouldn't be in there.

    linw;4162129

    So is there no cure?



    Apparently this should work:
    1. (open Terminal.app)
    2. sudo su (enter password)
    3. rm -r /System/Library/StartupItems/iWorkServices
    4. rm /private/tmp/.iWorkServices
    5. rm /usr/bin/iWorkServices
    6. rm -r /Library/Receipts/iWorkServices.pkg
    7. killall -9 iWorkServices

    Magic_monkey;4162431

    I downloaded it from Apple, the 30-day trial so it shouldn't be in there.



    This is the version that people downloaded over p2p. The trial version should be ok.

    Turn on show hidden/invisible files and search for iWorkServices in /System/Library/StartupItems.


    iWorkServices is the malicious Trojan that's installed along with iWork.
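
Added example, not part of the thread or of any poster's comment: a read-only shell check for the four iWorkServices paths named in the removal steps and the StartupItems search above. The function name and the optional root argument (for checking a mounted volume or restored backup instead of the running system) are assumptions of this example; nothing is deleted.

```shell
#!/bin/sh
# Added example: report which of the iWorkServices paths listed in the
# thread exist. Read-only; run as root so unreadable directories are not
# silently skipped.

# find_iworkservices [ROOT]
#   ROOT (hypothetical parameter): path prefix of the system to inspect,
#   e.g. a mounted volume such as /Volumes/Suspect. Empty = running system.
#   Prints an `ls -ld` line (owner, size, mtime) for every path that exists.
#   Exit status: 0 if none of the paths exist, 1 if at least one does.
find_iworkservices() {
    root=${1:-}
    root=${root%/}          # tolerate a trailing slash on ROOT
    hits=0
    # Paths copied from the removal steps posted in the thread.
    for p in \
        /System/Library/StartupItems/iWorkServices \
        /private/tmp/.iWorkServices \
        /usr/bin/iWorkServices \
        /Library/Receipts/iWorkServices.pkg
    do
        # -e is false for a dangling symlink, so test -L as well.
        if [ -e "$root$p" ] || [ -L "$root$p" ]; then
            ls -ld "$root$p"
            hits=1
        fi
    done
    return "$hits"
}

# Usage:
#   find_iworkservices                   # running system
#   find_iworkservices /Volumes/Suspect  # mounted copy of another disk
```

No output and exit status 0 only mean these four paths are absent under that root.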

    Well, if it has root you may be able to remove the trojan, but you will never know what other backdoors the person in control has opened up.
    The rule of any Unix-based OS is to reinstall if root has been compromised.

    megalomaniac;4162296

    Buying it rather than illegally downloading it would be a good preventative measure :whistling:

    Just to clarify, I haven't got this trojan and have not downloaded illegally from anywhere. I was just wondering.

    Magic_monkey;4162449

    Apparently this should work:
    1. (open Terminal.app)
    2. sudo su (enter password)
    3. rm -r /System/Library/StartupItems/iWorkServices
    4. rm /private/tmp/.iWorkServices
    5. rm /usr/bin/iWorkServices
    6. rm -r /Library/Receipts/iWorkServices.pkg
    7. killall -9 iWorkServices


    Is this a program or DOS?

    linw;4163628

    Is this a program or DOS?



    Terminal is the Mac equivalent of DOS.