Virus Found in Pirated Copies of iWork'09

An update to the iWork suite of programs was announced at this year's MacWorld keynote, and since then a free 30-day trial version has been available through Apple's website for OSX users to try. The software package bundles the popular productivity programs Pages, Numbers and Keynote and has received generally positive comments from users.

However, Intego, the developer of VirusBarrier for OSX, released a security alert today claiming that pirated versions of iWork '09 contain a malicious Trojan virus. The virus is reported to install automatically as soon as the administrator password is provided to OSX during installation of the pirated iWork '09 package. Once installed, the Trojan is embedded in the startup programs folder and renamed to "iWorkServices".

Ultimately, the Trojan is designed to connect to a remote server and notify that server that it is running on the infected system. This allows the virus to then receive instructions for malicious code execution or receive additional downloads. Perhaps the most disturbing news is that the Trojan also retains root access and does not require any further input from the user to execute anything else.

The Unofficial Apple Weblog reports that the iWork '09 installation package does not contain the Trojan but rather acts as the catalyst for the Trojan to be installed.  It is also important to note that this Trojan will not self propagate and will only infect a Mac if the altered iWork '09 installer is executed.
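
A quick check for the persistence indicator described above, as an added example that is not part of the original article or Intego's alert: it searches the standard macOS startup locations for an entry named like "iWorkServices". Treating those directories as the article's "startup programs folder" is an assumption, and the function name is illustrative.

```shell
#!/bin/sh
# Added example: look for a startup entry whose name matches the one
# reported in the article ("iWorkServices").

# Standard macOS locations for items started at boot or login. Assumption:
# these are what the article means by the "startup programs folder".
STARTUP_DIRS="Library/StartupItems System/Library/StartupItems Library/LaunchDaemons Library/LaunchAgents"

# find_startup_entries ROOT NAME
#   ROOT  filesystem root to inspect ("/" for the live system, or the
#         mount point of a disk image taken from a suspect machine)
#   NAME  entry name to look for, matched case-insensitively
# Prints one matching path per line; returns 0 if any match, 1 if none.
find_startup_entries() {
    root=${1%/}          # strip a trailing slash so "/" becomes ""
    name=$2
    found=1
    for rel in $STARTUP_DIRS; do
        dir="$root/$rel"
        [ -d "$dir" ] || continue
        # Top level only: startup entries sit directly in these directories.
        matches=$(find "$dir" -mindepth 1 -maxdepth 1 -iname "*$name*" 2>/dev/null)
        if [ -n "$matches" ]; then
            printf '%s\n' "$matches"
            found=0
        fi
    done
    return $found
}
```

Calling `find_startup_entries / iWorkServices` checks the running system; a match is a reason to investigate further, and an empty result only means nothing by that name sits in these directories.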

Intego notes that users of their VirusBarrier X4 and X5 software packages are protected from this Trojan.  However, this news comes just days after Apple announced that they will be removing serial key anti-piracy protection from the retail copies of iWork '09.  With the iWork '09 suite costing $79 from Apple, there isn't a major reason for users to be pirating this software.  However, Intego said that by their estimates, "As of 6 am EST (January 22, 2009), at least 20,000 people have downloaded this installer."

With Macs and OSX gaining ground and popularity among users, it would not be unusual for more malware and viruses to be found in the future. As always, downloading pirated software is not advised, regardless of your operating system of choice.

  • hellwig
    Oh My God! An Apple Virus! Oh no! Now, if only Apple users weren't so smug about their "Secure OS", maybe some of them would have had a virus scanner installed.

    And since when is a virus in a pirated copy of anything news? I guess only Mac users are ignorant of this fact. People, pirating IS stealing. Therefore, people who offer "stolen goods" will probably be willing to do other less-than-reputable things, such as install viruses in the pirated software. It's kinda like buying a stolen Rolax on the street. No, that 'a' isn't a valuable misprint.
  • timaahhh
    Therefore, people who offer "stolen goods" will probably be willing to do other less-than-reputable things, such as install viruses in the pirated software.
    INDEED
  • ryokinshin
    "The Unofficial Apple Weblog reports that the iWork '09 installation package does not contain the Trojan but rather acts as the catalyst for the Trojan to be installed."

    Learn to read.
  • Pei-chen
    Why would an Apple user that already overpaid for their hardware pirate software? It is akin to putting Firestone tires on a Volvo/Saab.
  • kamkal
    iwork = handicapped version of office

  • Tekkamanraiden
    That's just funny.
  • Ah, no. A trojan is a malicious program that masquerades as an innocent one. (Example: a pirated game that really contained spyware, or a keystroke logger) Trojans require malicious intent on the part of the entity distributing the software, in this case Apple.

    Are you trying to say that Apple did this intentionally? No, of course not. So that makes this merely an infected program, not a trojan.

    I hate to be pedantic, but as a technology professional, it drives me up the wall when people just use the wrong terms to describe things.
  • @Douglas Muth:
    Malicious program = check
    Masquerade = check (renames itself to "iWorkServices")
    Distribution with intent = check (pirates are the distribution, as stated, iWork doesn't contain the virus, but is the catalyst).

    Sorry but it looks like a trojan to me.
  • Tedders
    Before you start thinking that all of us Mac users are stupid and take everything for granted, you might want to think about how all Mac users are not the same. Yes, a lot of us think that we can't get a virus, but most of us know it's not true. Whether you like it or not, the statistical chance of a Mac getting a virus is much lower than a Windows machine. Will the chances get better in the future? Of course they will. Just because some of them act "smug" doesn't mean the rest of them are. There are just as many "smug" Windows users out there.
  • nekatreven
    Tedders: Before you start thinking that all of us Mac users are stupid and take everything for granted, you might want to think about how all Mac users are not the same. Yes, a lot of us think that we can't get a virus, but most of us know it's not true. Whether you like it or not, the statistical chance of a Mac getting a virus is much lower than a Windows machine. Will the chances get better in the future? Of course they will. Just because some of them act "smug" doesn't mean the rest of them are. There are just as many "smug" Windows users out there.
    I don't know that I've ever seen it phrased better than that. I'll bash the smug mac users all day, but I love mac users with some sense. Well said.