Free Republic

iWork '09 trojan infects at least 20,000 machines
Engadget.com ^ | 1/22/09 | Joseph L Flatley

Posted on 01/22/2009 2:50:02 PM PST by dangerdoc

Quite a number of no-goodniks who thought they'd save a few bucks by downloading a pirated version of iWork 09 have gotten more than they'd bargained for, in the form of a Trojan Horse called OSX.Trojan.IServices.A. This guy installs itself in the computer's startup as root, and once in place can connect to a remote server and broadcast its location, allowing malicious users to take charge of the machine remotely. And since it has root access to the OS, the trojan can not only install additional components but can also modify existing apps, making this thing extremely difficult to remove.

(Excerpt) Read more at engadget.com ...


TOPICS: News/Current Events
KEYWORDS: apple
I'm assuming the trial from Apple is safe.
1 posted on 01/22/2009 2:50:02 PM PST by dangerdoc

To: dangerdoc

I think the OEM version should be OK.


2 posted on 01/22/2009 2:52:21 PM PST by Keith in Iowa (ESPN MNF: 3 Putzes talking about football on TV while I'm trying to watch a game.)

To: dangerdoc

I’m on a MacBook now. Interesting to see an Apple get hacked...


3 posted on 01/22/2009 2:54:49 PM PST by devane617 (Republican's first strategy should be taking over the MSM. Without it we are doomed.)

To: dangerdoc

Being relatively computer literate, I understand how viruses work, but would someone please tell me WHY??
WHY would people spend so much time and talent creating these things to destroy the property of people they don’t even know. Is there money in it? What’s the point of destroying the Internet THEY ARE USING by making it so dangerous? Can someone ‘splain it to me?


4 posted on 01/22/2009 3:02:34 PM PST by ClearBlueSky (Whenever someone says it's not about Islam-it's about Islam. Jesus loves you, Allah wants you dead!)

To: ClearBlueSky

Same reason a dog licks itself.


5 posted on 01/22/2009 3:04:16 PM PST by null and void (We are now in the third day of our national holiday from reality.)

To: Swordmaker

Idiots downloading infested pirated apps ping.


6 posted on 01/22/2009 3:05:14 PM PST by antiRepublicrat ("I am a firm believer that there are not two sides to every issue..." -- Arianna Huffington)

To: ClearBlueSky
"Being relatively computer literate, I understand how viruses work, but would someone please tell me WHY?? WHY would people spend so much time and talent creating these things to destroy the property of people they don’t even know. Is there money in it? What’s the point of destroying the Internet THEY ARE USING by making it so dangerous? Can someone ‘splain it to me?"

The simple straight answer is, because they can. As stupid as that may sound, they actually get a feather in their cap and are considered "elite" among their peers for doing it. It's a rather hedonistic attitude, but it is what it is.

7 posted on 01/22/2009 3:06:26 PM PST by DaGman

To: Keith in Iowa

Yeah, if you buy it legally, it should be fine.


8 posted on 01/22/2009 3:06:38 PM PST by rwfromkansas ("Carve your name on hearts, not marble." - C.H. Spurgeon)

To: devane617
"I’m on a MacBook now. Interesting to see an Apple get hacked..."

It's not an exploit so much as social engineering.

9 posted on 01/22/2009 3:08:15 PM PST by ketsu (It's not a campaign. It's a taxpayer-funded farewell tour.)

To: ClearBlueSky

Once a trojan is in place on your computer, they can remotely access it and program it to do whatever they want. Send spam, launch an attack against other computers, search for anything on your computer that looks like a credit card number or userids and passwords, or watch for you to open particular web sites, like online banking sites, and record the keystrokes you enter when you log in and send them the information.


10 posted on 01/22/2009 3:09:13 PM PST by tacticalogic ("Oh bother!" said Pooh, as he chambered his last round.)

To: ClearBlueSky
"Being relatively computer literate, I understand how viruses work, but would someone please tell me WHY?? WHY would people spend so much time and talent creating these things to destroy the property of people they don’t even know. Is there money in it? What’s the point of destroying the Internet THEY ARE USING by making it so dangerous? Can someone ‘splain it to me?"

Look up the economics of malware. Trojans like this one can make *millions* for their creator, you can use them to steal credit cards, send spam (which is $$$$$$ believe it or not) etc...

11 posted on 01/22/2009 3:11:46 PM PST by ketsu (It's not a campaign. It's a taxpayer-funded farewell tour.)

To: ClearBlueSky
"Can someone ‘splain it to me?"

Money. The trojans are used for spam and DDOS extortion botnets. Something like this requires no talent though. Just slip a standard botnet script into the iWork installer.

Other cracks that take much more talent to pull off are usually done either for money or to improve the reputation of the cracker in the community, or both. The skilled hacker community looks down on simplistic trojans such as this. Only script kiddies (bored, relatively talentless, malicious kids -- the modern vandalism) and organized crime think this is cool.

12 posted on 01/22/2009 3:17:13 PM PST by antiRepublicrat ("I am a firm believer that there are not two sides to every issue..." -- Arianna Huffington)

To: ClearBlueSky
Keyloggers can identify which bank website you log into and record your name and SN, so some of it is profit motive. Also, I knew one guy who got a visit from the FBI. His computer was being used as a server for child porn web sites. FBI confirmed the guy didn't even know it was on his computer. Trojan infection, remote access, use the guy's computer for any illegal activity you wish, and you've left no footprints authorities can follow.

And, as Alfred put it in the Dark Knight, "Some men just want to see the world burn."

13 posted on 01/22/2009 3:19:38 PM PST by Richard Kimball (We're all criminals. They just haven't figured out what some of us have done yet.)

To: ClearBlueSky
Just to add a bit to tacticalogic's excellent reply, my recent experience is that they also use compromised computers to engage in "referrer spam" which, while a problem for some time, seems to be getting worse.

In a nutshell, some search engines look at the number of links to a site as one measure of popularity. Bot, or zombie, machines will go around hitting sites with info that they were referred by a particular site and that site is shown in web and blog logs as a referrer and points back to that site. Bingo, that referring site gets a gold star from the search engine.

To a lesser degree some people sell "traffic". This traffic can cause a site to make money from ad impressions and improve their traffic ranking. Again zombie machines are commonly used for purchased traffic.

It's just a money making thing, they could care less about the Internet. Twenty years ago it would have been some other scam, now it's just easier since they can do it on a large scale for very little investment.

Think of spam. Who in their right mind would click on spam and actually give a strange site money? Very, very few people but spammers can send out a million emails for next to nothing and if they get just one hit they're ahead.

14 posted on 01/22/2009 3:19:38 PM PST by Proud_texan (Scare people enough and they'll do anything.)

To: ClearBlueSky

“Being relatively computer literate, I understand how viruses work, but would someone please tell me WHY??
WHY would people spend so much time and talent creating these things to destroy the property of people they don’t even know. Is there money in it? What’s the point of destroying the Internet THEY ARE USING by making it so dangerous? Can someone ‘splain it to me?”

DEMOCRATS LOL


15 posted on 01/22/2009 3:23:46 PM PST by blueyon (Every one will have their 15 mins under the bus)

To: nnn0jeh

ping


16 posted on 01/22/2009 3:24:53 PM PST by kalee (01/20/13 The end of an error.)

To: dangerdoc
"I'm assuming the trial from Apple is safe."

Perhaps. Depends on the nature of what they hacked in the pirated version, and if they can find a way to apply their trojan in a way that does not involve a full download.

One thing this event helps to point out, is the potential dangers of open-source software. Yes, this trojan was placed into "pirated" software, but it could as easily have been placed in something open-source, and downloaded by its victims on that basis.

If the hackers are content to achieve a series of "occasional infections," similar to what happened here, then providing links to their own versions of open-source software can provide that access.

17 posted on 01/22/2009 3:39:22 PM PST by r9etb

To: r9etb
"....but it could as easily have been placed in something open-source, and downloaded by its victims on that basis."

Does this only apply to downloaded executable programs, or does it also apply to picture downloads - like from YouTube & picture files?

18 posted on 01/22/2009 4:25:16 PM PST by ghostrider

To: ClearBlueSky

“Being relatively computer literate, I understand how viruses work, but would someone please tell me WHY??”

After they get your account number and password, they can loot your bank and brokerage accounts via wire transfers. If you don’t look at your account regularly and don’t get paper statements, the money could be gone before you notice it. A pickpocket can steal your wallet - these people can steal every dime you own in an online-accessible account.


19 posted on 01/22/2009 4:42:40 PM PST by Zhang Fei

To: ClearBlueSky

Other than the reasons already mentioned, some of these people (the really good ones) can actually make a legitimate living with their “Black Hat” knowledge. Either by consulting with companies on security procedures, and/or writing things to test new detection algorithms, or reverse engineering and backtracing existing ones in the wild. That’s the “White Hat” side of the same coin.


20 posted on 01/22/2009 4:52:03 PM PST by AFreeBird

