# Mac users beware: BitTorrent-embedded malware is attacking computers



## Steve615 (Feb 5, 2006)

From Yahoo Tech News:
If you are a Mac user and not using security software, now is a good time to start doing so.
The iServices.A Trojan horse is an attack being distributed via BitTorrent, where it is disguised as a bootleg copy of the new iWork 09.
Once installed, the malware takes administrator access and connects to remote servers over the Internet, where it can be given additional instructions as the author commands, from installing additional malware to stealing information off of the Mac in question.
The malware creator can also take complete remote control of any compromised machine.
Security firm Intego said that 20,000 machines had been infected with this virus, as of Jan. 21.
More info at the following link.

http://tech.yahoo.com/blogs/null/117188


----------



## Stuart Sweet (Jun 19, 2006)

A real concern, given that a lot of Macs aren't running any sort of antivirus software.


----------



## curt8403 (Dec 27, 2007)

Stuart Sweet said:


> A real concern, given that a lot of Macs aren't running any sort of antivirus software.


Years ago, when I worked Mac tech support, the scary prevailing attitude was that Macs were immune to viruses.


----------



## Ron Barry (Dec 10, 2002)

Well definitely less immune but this example shows how it gives a false sense of security. Since you don't run virus scanning software on your machine normally you should not be going out to bit torrent and downloading pirated software. Tisk Tisk. Same goes in the case of if you are running Windows and you have your AV set to scan once a week and have real-time scanning turned off for performance reasons. 

Bottom line: Unless you are confident regarding the source of the software you run on your system you should not install it.


----------



## machavez00 (Nov 2, 2006)

I don't use Bit Torrent apps after I found out Qwest slowed my connection to a crawl the one time I used Vuze. I will definitely uninstall it when I get home. Fortunately I was using a trial version of an antivirus at the time.


----------



## Greg Alsobrook (Apr 2, 2007)

Ron Barry said:


> you should not be going out to bit torrent and downloading pirated software.


Exactly. No worries here. 

I do have the free version of iAntivirus... Had the computer about a year before I first ran a scan. Not one single threat found. I still run it every month or so just for fun.


----------



## Fontano (Feb 7, 2008)

The problem is, Apple is now a target by these programmers.
Just like IE vs Firefox a few years back.

Now that Firefox is a target by these groups, it is being attacked.
Mac numbers are growing, and more casual users are getting macs. Hence the start of it for everyone.

I have lost track of how many systems I have had to clean since the start of the year, because of Socially Smart mal-ware. I am losing track. So many that I keep the software on my keychain USB stick.

I guess I better get brushed up on MAC techniques and start to know about their software as this is just going to be the start.


----------



## Greg Alsobrook (Apr 2, 2007)

There are millions and millions of macs out there... It's already "worth it" for hackers to go after them... Maybe it's just that they're _actually_ secure and that much harder to get control of...


----------



## Mike Bertelson (Jan 24, 2007)

What's a MAC?

*hey mike, what are you doin' under your desk...what the... are those flaming arrows*


----------



## deltafowler (Aug 28, 2007)

Steve615 said:


> Security firm Intego said that 20,000 machines had been infected ...


That's pretty much all of them, isn't it? :lol:

ANYONE who downloads torrents without antivirus is driving on the Autobahn while blindfolded. It's just common sense.

The top torrent site actually does a very good job of self-policing with regard to embedded trojans and viruses. Comments from users will typically flag them pretty quickly.

Ample warnings and removal instructions have already been posted. In fact, they were posted before Yahoo! News broke the story. 

If you do have the bug, here's the fix.

1) (open Terminal.app)
2) sudo su (enter password)
3) rm -r /System/Library/StartupItems/iWorkServices
4) rm /private/tmp/.iWorkServices
5) rm /usr/bin/iWorkServices
6) rm -r /Library/Receipts/iWorkServices.pkg
7) killall -9 iWorkServices


----------
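
A read-only check for the files and process named in the removal steps above, as an added example that is not part of the original post. The `ROOT` prefix argument and the function names are assumptions of this example; the four paths and the process name are the ones in the post.

```shell
#!/bin/sh
# Read-only check for the iWorkServices artifacts named in the removal steps.
# Nothing is deleted or killed.

# Paths copied from the rm commands in the post.
IWORK_PATHS="/System/Library/StartupItems/iWorkServices
/private/tmp/.iWorkServices
/usr/bin/iWorkServices
/Library/Receipts/iWorkServices.pkg"

# list_found [ROOT]: print each artifact that exists under ROOT.
# ROOT is this example's own parameter (an assumption, not from the post):
# a prefix such as a mounted backup volume; empty means the live system.
list_found() {
    root="${1:-}"
    while IFS= read -r p; do
        target="${root}${p}"
        # -L also catches a dangling symlink left at one of the paths.
        if [ -e "$target" ] || [ -L "$target" ]; then
            if [ -d "$target" ]; then kind=dir; else kind=file; fi
            printf '%s\t%s\n' "$kind" "$target"
        fi
    done <<EOF
$IWORK_PATHS
EOF
}

# count_found [ROOT]: number of artifacts present under ROOT.
count_found() {
    list_found "${1:-}" | wc -l | tr -d ' '
}

# report [ROOT]: print findings; status 0 only when nothing was found.
# The process check applies to the live system only.
report() {
    root="${1:-}"
    list_found "$root"
    n=$(count_found "$root")
    if [ -z "$root" ] && pgrep -x iWorkServices >/dev/null 2>&1; then
        printf 'proc\tiWorkServices\n'
        n=$((n + 1))
    fi
    echo "indicators present: $n"
    [ "$n" -eq 0 ]
}

# Run only when asked: sh check.sh --check [ROOT]
if [ "${1:-}" = "--check" ]; then report "${2:-}"; fi
```

Running it before and after the removal steps shows which of the listed artifacts were present and confirms that none remain.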



## xIsamuTM (Jul 8, 2008)

Hey!!! I use bit torrent a lot. This being said, I tend to only download torrents that have enough positive comments to keep infections to a minimum. It's a given if you're using less-than-reputable software you stand the chance to get a few bugs. In my early days of getting fansubs off limewire, bearshare, and the like, I'd get enough malware on my computer that I'd end up reinstalling/reformatting everything about every 5 or 6 months. To some it's worth a day of clean-up every so often to say "I saw Love Hina before any of you guys, AND I have it all on one disc!"

edit: xIsamuTM, WZOM Productions, and In Your Phase New Media do not promote the use of bit torrent or other file sharing sites/protocols for the illegal distribution of copyrighted material. please check with your local legal advisors (aka mom and dad, or the MPAA web site) before clicking on that "download torrent" link. Also, as stated above, it DOES have its own set of problems and time-wasters.


----------



## machavez00 (Nov 2, 2006)

Now it's hitting pirated versions of Photoshop CS4
full article at link
*Mac trojan expands to affect Photoshop CS4*



> A second Mac trojan is being spread through pirated software, Intego warns. Following the discovery of a trojan linked with copies of iWork '09, the security firm says it has now found a variant, attached to pirated versions of Photoshop CS4. OSX.Trojan.iServices.B also grants a remote user root access; the new trojan is associated with the crack application however, and is spawned under a different name whenever the crack is run.


Bottom line, don't download pirated software


----------



## xIsamuTM (Jul 8, 2008)

It just proves nothing is free.


----------



## Chris Blount (Jun 22, 2001)

machavez00 said:


> Bottom line, don't download pirated software


That's pretty much the key right there. If you download pirated software, you are asking for trouble no matter what OS you are using.

I must admit that it's nice not having to be anal about antivirus software but on the other hand I'm also realistic. The Mac is not totally immune so I am cautious about what I download.


----------



## deltafowler (Aug 28, 2007)

machavez00 said:


> Bottom line, don't download pirated software


I've never been a big fan of abstention. 

But I do have enough sense to employ some protection.


----------



## Greg Alsobrook (Apr 2, 2007)

deltafowler said:


> I've never been a big fan of abstention.
> 
> But I do have enough sense to employ some protection.


Good thing. It's just plain dumb to commit a felony without antivirus software.


----------



## Stuart Sweet (Jun 19, 2006)

Fair enough, Mr. Fowler, but the policy on this site is that we stand against software piracy and do not support it, even with happy faces.


----------



## tcusta00 (Dec 31, 2007)

deltafowler said:


> ANYONE who downloads torrents without antivirus is driving on the Autobahn while blindfolded. It's just common sense.


but...



deltafowler said:


> Here's the thing about the rogue antivirus and similar programs. They're not technically a virus.
> They are installed with user interaction and compliance. AVG and other antivirus programs can't detect and stop them, because they're simply programs, not viruses in the traditional sense.
> They can easily be reached through Google search results.
> *They reside* on compromised web servers which house otherwise legitimate content, *not in bit torrents and other binaries*.
> ...


So, which is it? Do torrents carry a risk of viruses or don't they? :scratchin


----------



## deltafowler (Aug 28, 2007)

It's actually both.
The rogue antivirus software of which we spoke before does not propagate through binaries such as bit torrents and Usenet files. It is spread via compromised or intentionally so configured web servers.

Viruses and trojans can be and sometimes are attached to binaries, and they can be spread via torrents and other binaries, such as e-mail jokes, flash programs, and even the innocuous jpg or pdf file.

The point of the first quoted post was that you were wrong as could be in saying that the specific rogue programs were resident in bit torrents.

The point of the second post was to point out that anyone who does choose to venture into the red-light district after dark had better know their way around.


----------



## xIsamuTM (Jul 8, 2008)

deltafowler said:


> anyone who does choose to venture into the red-light district after dark had better know their way around.


Given what most people download off isohunt, it seems a very appropriate statement :blush:


----------



## deltafowler (Aug 28, 2007)

xIsamuTM said:


> Given what most people download off isohunt, it seems a very appropriate statement :blush:


Sounds like experience talking


----------



## xIsamuTM (Jul 8, 2008)

I plead the 20th


----------



## Stuart Sweet (Jun 19, 2006)

OK, I think that we've gone far enough down that road. Suffice it to say that piracy is illegal and some of our members unwisely choose to reveal the fact that they participate in illegal activities. Let's get back to topic, please.


----------



## xIsamuTM (Jul 8, 2008)

Very well. Something I kinda want to know is how viruses/malware are tailored to a specific browser? Do they use IE or Firefox to transmit info back and forth? I kinda figured they just looked at your screen/what you are typing to get your info or just told your computer "load this dude's primary browser and show xabylaracrono.evilpopup."


----------



## Stewart Vernon (Jan 7, 2005)

I don't know if this applies to the warnings in this thread...

but there are also bogus virus detections designed to get you to install anti-virus programs that you don't need.

I clicked a link on a Web site about a month ago that took me to a near-infinite loop trying to download a "free scanner" to my system that said I was infected with something and strongly suggested I buy their antivirus program. Fortunately I was already protected from this attempt, but it was aggravating getting my browser working properly again.

This has been a recent trend to create things that look like a virus and send a free utility to clean it... which actually is a trojan designed to nag you into buying a particular antivirus program.

Reputable companies like Symantec don't do it... but some of the smaller ones are on the bandwagon.

So you not only have to worry about the malicious virus, but the malicious antivirus software companies too!


----------



## deltafowler (Aug 28, 2007)

HDMe,
That is one of the rogue programs to which I referred. They come from websites, not from binary downloads.
When those screens pop up, the ONLY way to get out unscathed is to use ALT + F4 to close all open dialogues. Clicking the red X is the same as saying Yes.


----------



## fmcomputer (Oct 14, 2006)

MicroBeta said:


> What's a MAC?
> 
> *hey mike, what are you doin' under your desk...what the... are those flaming arrows*


Something McDonalds sells...


----------

