AppleInsider › Forums › Software › Mac Software › Two new trojan horses threaten Mac software pirates
New Posts  All Forums:Forum Nav:

Two new trojan horses threaten Mac software pirates - Page 2

post #41 of 92
1/26/09 at 10:49am
I agree that software piracy is illegal and stupid. What about the trojan writers? Sure, they're just inflicting a little karma on the pirates, but don't they need to be taught a lesson. Intego needs to make public the 2 IP addresses that the trojan is contacting. Maybe somebody could DDoS them and shut down the threat on that end.
Reply
Reply
post #42 of 92
1/26/09 at 10:50am
Quote:
Originally Posted by tomkarl View Post

Stealing is stealing no matter how much you try to justify or rationalize it.

Have a nice life. Karma can be a nasty thing.

Well this is just an idiotic thing to say. If the magical force of "karma" is indeed a real thing, then I guess you will also have a few problems yourself later on, right?

What's the karmic return on being dumb?
In Windows, a window can be a document, it can be an application, or it can be a window that contains other documents or applications. Theres just no consistency. Its just a big grab bag of monkey...
Reply
In Windows, a window can be a document, it can be an application, or it can be a window that contains other documents or applications. Theres just no consistency. Its just a big grab bag of monkey...
Reply
post #43 of 92
1/26/09 at 10:54am
Quote:
Originally Posted by Matthew Yohe View Post

The number of idiots downloading these astound me. Especially since they could both be downloaded directly from their respective manufacturer.

Honestly, they get what is coming to them.

What I find amusing is that while Windows malware writers are hitting left and right in all ways they can, the only currently publicized Mac Malware is targetting only those that pirate. So the innocent and good people that pay for what's on their computers are safe.

It's like a computer version of Dexter, only killing bad people.

Quote:
Originally Posted by copeland View Post

How does Intego know the exact numbers how often these "spezial" software packages have been downloaded.

they are coming from torrent sites who often publish the number of downloads because in torrent culture a high download count is like a 5 star rating.
Reply
Reply
post #44 of 92
1/26/09 at 11:00am
There are others working on this to prove it was from a startup Mac AV software company. You gotta be kidding me naming the service "Trojan" unless you made some lame couple line code application to remove it, IF YOU PAY for that program...

There are many ways to prevent piracy but with the small market share of the Mac, the fact there is NO difference between single user and family pack, Apple has found most Mac users to be fair and honest.

So to recap and summarize: You want to infect the uninfectable Mac? You need the user to be tricked into giving you the rights so you take an app people will/likely steal and modify the Installer (very easy to do, it comes with every mac called Xcode) and have it add your service. The service then acts like an IRC program that then has the rights to run certain things on that mac.

This demonstration was done years ago in 10.4 early days. It was also easily caught because EVEN though it has Root privileges it still calls the user for a password to install on certain things. This is where the new 10.5 security features came into play.
Reply
Reply
post #45 of 92
1/26/09 at 11:06am
Quote:
Originally Posted by MJ Web View Post

If someone with the Flu sneezes in your face you may just catch the bug! Worms can spread from computer to computer in a variety of ways.

Malicious software can spread itself in many different ways. However, there is no evidence that this is spreading itself by any means other than infected pirate software.

Mostly I was laughing at the unintentional implied approval of pirating software, and also that every article or press release put out by an anti-virus company eventually ends as an advertisement for their products.
Reply
Reply
post #46 of 92
1/26/09 at 11:09am
Quote:
Originally Posted by Matthew Yohe View Post

The number of idiots downloading these astound me. Especially since they could both be downloaded directly from their respective manufacturer.

Honestly, they get what is coming to them.

Adobe has crazy pricing and generally sell crazy packages with stupid collection of apps that most users won't ever need. The price is too steep to suddenly jump onto the legitimate train for most users. They have too little competition so they behave accordingly... and now since they bought Macromedia they successfully eliminated one of its competitors. Hacking their apps is a protest against their policy. It won't hurt them too bad. It helps them sustain market share you know. Pirated market share is the next best to legitimate market share.
CS4 seems very aggressive to keep the the pirates away, successfully hurting their own market share in the industry... makes me wonder what's going on in the cellar of Adobe...
Reply
Reply
post #47 of 92
1/26/09 at 11:19am
Why in the world would someone pirate iWork from a torrent site when it is available for download straight from apple.com? All you need is a serial.
Reply
Reply
post #48 of 92
1/26/09 at 11:40am
I agree with the general tone here which is they got what they deserved.

Look, if you go into a convenient store and grab a shit load of cheese puffs, hot pockets and beer and take off for the exit without paying and on the way out the door you slip and fall on some ice and break your wrist... oh well. You got what you deserved. This is no different and definitely no reason anyone should feel sorry for them.
Reply
Reply
post #49 of 92
1/26/09 at 11:51am
Quote:
Originally Posted by palegolas View Post

Adobe has crazy pricing and generally sell crazy packages with stupid collection of apps that most users won't ever need. The price is too steep to suddenly jump onto the legitimate train for most users. They have too little competition so they behave accordingly... and now since they bought Macromedia they successfully eliminated one of its competitors. Hacking their apps is a protest against their policy. It won't hurt them too bad. It helps them sustain market share you know. Pirated market share is the next best to legitimate market share.
CS4 seems very aggressive to keep the the pirates away, successfully hurting their own market share in the industry... makes me wonder what's going on in the cellar of Adobe...

I have to say, the copy protection embedded in Adobe CS3 is doing-my-head-in at the moment.

I understand the need for Adobe to protect their intellectual property - and hence the need for some means of copy protection, but Adobes current implementation throws up too many barriers for legitimate, paying customers.

When it is easier for thieves to download and crack the software, than it is for legitimate users to manage their installations, then Adobe has a problem.

Even although I have purchased CS3, and have a valid serial number etc., currently it would be easier for me to install a cracked version, as I have reached the unpublished 'Deactivation Limit' which Adobe keeps hush.

I won't be buying CS4, because of the issues I have run into with activation/deactivation of CS3. I would happily pay for CS4, I don't have a problem with the price, but I do have a problem with not being able to use it as I see fit.
OK, can I have my matte Apple display, now?
Reply
OK, can I have my matte Apple display, now?
Reply
post #50 of 92
1/26/09 at 12:41pm
Well Guys,
It looks like we've been doing pretty well in helping convert the Windows users over to Macs. Now it looks like we're going to have to help teach them how wrong it is to pirate software and the damage it can cause. You think they would have learned this already with running Windows but I guess old habits die hard.
Reply
Reply
post #51 of 92
1/26/09 at 12:45pm
Quote:
Originally Posted by copeland View Post

How does Intego know the exact numbers how often these "spezial" software packages have been downloaded. I would think if these packages are on P2P no one can really know!

Its probably Intego who got paid by microsoft to start making viruses so that 1 it actualy had something to defend and 2 Not make Windows look like such a vulnurable piece of crap. (just kidding.. i think.. but a funny thought)

And I agree with whoever said that you can just do it the good ol fashion legal way if your gonna get software. I mean yea photoshop CS4 is like what 500. 600 bucks but if your actualy a user who needs it will fork it over. Im planning on purchasing the CS4 design premium and thatll set me back a good 1600 bucks i think it is. almost the price of the computer itself lol
Reply
Reply
post #52 of 92
1/26/09 at 12:55pm
No one can seem to find these 20,000 people that Intego claims exist. I've looked at the file list for every copy of CS4 and iWork 09 that I can find, and I do not see these files.

Intego is a small virus software company that's about to get clobbered by the recession. And now we all know that Appleinsider is either in bed with them (and knowingly posted this bullshit), or are idiots (and unknowingly posted this bullshit without checking their facts). Either way, they both lose. Appleinsider has shown itself to be a worthless source of information, and Intego has shown itself to be shady and untrustworthy.
Reply
Reply
post #53 of 92
1/26/09 at 1:04pm
Quote:
Originally Posted by p0okala View Post

No one can seem to find these 20,000 people that Intego claims exist. I've looked at the file list for every copy of CS4 and iWork 09 that I can find, and I do not see these files.

Intego is a small virus software company that's about to get clobbered by the recession. And now we all know that Appleinsider is either in bed with them (and knowingly posted this bullshit), or are idiots (and unknowingly posted this bullshit without checking their facts). Either way, they both lose. Appleinsider has shown itself to be a worthless source of information, and Intego has shown itself to be shady and untrustworthy.

There just posting the Feed. It's on front Page of Yahoo.com same word/word article.

There are some that "believe" Intego created this, distributed it... Then a week later claim a way to remove it.
Reply
Reply
post #54 of 92
1/26/09 at 1:16pm
Quote:
Originally Posted by tomkarl View Post

So stealing is ok as long as what is being stolen is expensive?

Gotta love that logic.

You got that wrong. What he meant was: stealing from a crook is not stealing.
Reply
Reply
post #55 of 92
1/26/09 at 1:43pm
If case someone has this trogan installed here is how to remove it. I did not install iWork on my Macbook, but I was curious if I had anything on it so I ran this program and I also ran MacScan. Lo and behold, found nothing.

http://www.securemac.com/

or just download here:

http://macscan.securemac.com/files/i...emovalTool.dmg
Reply
Reply
post #56 of 92
1/26/09 at 1:45pm
Quote:
Originally Posted by JimMcDosh View Post

Kinda makes me glad I use Linux!

RT
www.total-privacy.us.tc


Wellll, yesss....... but even Linux can be vulnerable to Trojans..... it requires some kind of 'user participation', but you can be just as at risk if you get fooled into installing it....

Someone earlier tried to say that virii, trojans, etc. were synonymous. Only true in that they all fall into the 'malware' category..... but the names as defined are pretty good differentiators.

Virus : malware that can infect a system without direct user involvement. Typically spreads/replicates itself to other systems. (Like a real virus... thus the name.)

Trojan : Concept derived from the famous "Trojan Horse" story. Typically embedded malware that looks like something else, but hides itself until it's 'inside the walls'. Usually requires some kind of direct user action. Not usually able to self-replicate, although Trojans can carry a virus as part of their package.

So far, the only active 'in the wild' OSX malware I've read about requires spoofing, trojans, or other 'social trickery' to overcome security safeguards.

Exploiting ignorance is a terrible weapon...


Funny, the first question that popped into my head when reading the post was, "Did Intego plant this thing??"..... it's almost too obvious, you know?

Thinking like that makes me some kind of crazy conspiracy theorist though, doesn't it.....
Reply
Reply
post #57 of 92
1/26/09 at 1:46pm
Quote:
Originally Posted by toysandme View Post

You got that wrong. What he meant was: stealing from a crook is not stealing.

Check your dictionary. Stealing is taking something that does not belong to you. It has nothing to do with the person/company you took it from.

Last I checked, Adobe was an upstanding company.
Reply
Reply
post #58 of 92
1/26/09 at 2:44pm
Quote:
Originally Posted by tomkarl View Post

Check your dictionary. Stealing is taking something that does not belong to you. It has nothing to do with the person/company you took it from.

Last I checked, Adobe was an upstanding company.

Agreed. I find it ridiculous that people are so mad at Adobe for charging so much for their products. They have the right to charge whatever they want. If you don't feel their product is worth it, then don't buy it. As someone who works professionally in graphic design, I find their products to be worth the money.

I do agree with the person who was getting annoyed at the uninstall limit, however. That's just nasty. I did not know that existed.
Reply
Reply
post #59 of 92
1/26/09 at 2:55pm
"This installer compromises the system not by installing an additional package, but through a crack application that serializes the program for use without a purchased retail key.* This app extracts an executable from its data and installs a backdoor in /var/tmp/.* If the user runs the crack app again, a new executable with a different random name is created, making it difficult to safely remove the malware."


so do you get the trojan the second time you run the crack? that's what it sounds like.
Reply
Reply
post #60 of 92
1/26/09 at 4:05pm
Maybe they should use OpenOffice and GIMP....
ALTER BRIDGE is the greatest rock band of today. Myspace || Street Team
Reply
ALTER BRIDGE is the greatest rock band of today. Myspace || Street Team
Reply
post #61 of 92
1/26/09 at 4:45pm
Quote:
Originally Posted by kernel_panic View Post

I agree that software piracy is illegal and stupid. What about the trojan writers? Sure, they're just inflicting a little karma on the pirates, but don't they need to be taught a lesson. Intego needs to make public the 2 IP addresses that the trojan is contacting. Maybe somebody could DDoS them and shut down the threat on that end.

Symantec has made it public in their discussion of the trojan horse.
Reply
Reply
post #62 of 92
1/26/09 at 5:28pm
Use Little Snitch, and you're good.
Reply
Reply
post #63 of 92
1/26/09 at 5:29pm
Quote:
Originally Posted by Messiah View Post

I have to say, the copy protection embedded in Adobe CS3 is doing-my-head-in at the moment.

I understand the need for Adobe to protect their intellectual property - and hence the need for some means of copy protection, but Adobes current implementation throws up too many barriers for legitimate, paying customers.

When it is easier for thieves to download and crack the software, than it is for legitimate users to manage their installations, then Adobe has a problem.

Even although I have purchased CS3, and have a valid serial number etc., currently it would be easier for me to install a cracked version, as I have reached the unpublished 'Deactivation Limit' which Adobe keeps hush.

I won't be buying CS4, because of the issues I have run into with activation/deactivation of CS3. I would happily pay for CS4, I don't have a problem with the price, but I do have a problem with not being able to use it as I see fit.

All you need to do is call Adobe and they will give you a new activation code. It took me 5 minutes. The help desk was very nice and I was able to put it on my new laptop with no problem.

Edit.
Your loss for not upgrading to CS4. Yes, it is expensive but well worth it if you are in the graphics or video industry.
Reply
Reply
post #64 of 92
1/26/09 at 7:59pm
Quote:
Originally Posted by xanthohappy View Post

f you don't feel their product is worth it, then don't buy it.

Don't worry I didn't, nor could I; even if I wanted to.

I suppose that means I'll have to give up my dreams of learning enough to break into so-called 'graphic design industry.'
Call on God, but row away from the rocks.
- Indian Proverb.
Reply
Call on God, but row away from the rocks.
- Indian Proverb.
Reply
post #65 of 92
1/26/09 at 8:02pm
I know this isn't a "virus" and it also requires users to do something stupid, but here's another crack in the wall of "there are no malware infected Macs."

An iPhone, a Leatherman and thou...  ...life is complete.

Reply

An iPhone, a Leatherman and thou...  ...life is complete.

Reply
post #66 of 92
1/26/09 at 8:19pm
Quote:
Originally Posted by dukemeiser View Post

Use Little Snitch, and you're good.

That was the first thing I thought. Nobody with a machine hooked up to internet access should ever NOT have little snitch running. Not only does it stop every and all processes from "calling home", it tells you exactly who they are calling to.

Secondly, the torrent sites are really good at policing this stuff, and it's virtually always already dealt with and deleted before the news of its existence comes out. In the case of the iWork and CS4 cracks, not only have the offending files have already been purged, but instructions for easy removal of the trojan are all over the comments sections.

Also, not a single one of the Mac iWork or CS4 crack apps has ever approached even 1000 full downloads, let alone 20,000. I've never seen any Mac app get anywhere near 20,000. Intego is lying.
Reply
Reply
post #67 of 92
1/26/09 at 10:30pm
First I wanted to comment on if its a Trojan or a Virus.

A Trojan generally is just a backdoor to let someone control your computer. A Virus is thought of something that self spreads, but generally modifies the computer to do so. Not all Virus (think back to the old Windows days if you can) uses outlook to email itself to the masses. In fact, before there was even widespread email it would just attach itself to other files in hopes you would spread them around. So while these have Trojan chacteristics especially in you installing it, it does potentially have viral implications as some have suggested it copies itself elsewhere.

I think obviously Pirates software has always had a virus/trojan threat, the real implication is the widespread (over 20,000) on a Mac and the possibility in the future of using similar technics to legitmate software (such as hack a server and adding the software) or pretending to be freeware and then eventually using a timebomb becoming a Trojan.

Additionally, you have had recent Safari exploits that could allow a trojan to attach itself to Safari (and not nessacarily anything needing root access) as these trojans basically have been used for DOS attacks, but keylogging Safari might work as well.

Nokia Lumia 920, iPhone, Surface RT, Intel i3 Desktop with Windows 7 & Hackintosh, Power Cube G4

Reply

Nokia Lumia 920, iPhone, Surface RT, Intel i3 Desktop with Windows 7 & Hackintosh, Power Cube G4

Reply
post #68 of 92
1/26/09 at 10:43pm
Uh, Kaspar... why is this story here? Anyone who has paid for the software or downloaded it legally don't need to be "warned" about this trojan horse "threat". For the people who have downloaded these apps illicitly, I say tough luck, robbers.

Proud AAPL stock owner.

 

GOA

Reply

Proud AAPL stock owner.

 

GOA

Reply
post #69 of 92
1/27/09 at 8:01am
Quote:
Originally Posted by bsenka View Post

They probably made it up, just like the other trojan and virus scares coming from an anti-virus software vendor.

Dumba$$es,

All you need to do is go to a torrent site to see how many seeders/leachers and most list how many downloads.
Reply
Reply
post #70 of 92
1/27/09 at 8:03am
Quote:
Originally Posted by bsenka View Post

That was the first thing I thought. Nobody with a machine hooked up to internet access should ever NOT have little snitch running. Not only does it stop every and all processes from "calling home", it tells you exactly who they are calling to.

Secondly, the torrent sites are really good at policing this stuff, and it's virtually always already dealt with and deleted before the news of its existence comes out. In the case of the iWork and CS4 cracks, not only have the offending files have already been purged, but instructions for easy removal of the trojan are all over the comments sections.

Also, not a single one of the Mac iWork or CS4 crack apps has ever approached even 1000 full downloads, let alone 20,000. I've never seen any Mac app get anywhere near 20,000. Intego is lying.

Little Snitch doesn't protect you from everything, unfortunately. A lot of app's can work around this. Two examples: Final Cut Pro and Adobe's Flexnet anti-piracy spyware.
Reply
Reply
post #71 of 92
1/27/09 at 8:09am
Quote:
Originally Posted by tribalogical View Post

Wellll, yesss....... but even Linux can be vulnerable to Trojans..... it requires some kind of 'user participation', but you can be just as at risk if you get fooled into installing it....

Someone earlier tried to say that virii, trojans, etc. were synonymous. Only true in that they all fall into the 'malware' category..... but the names as defined are pretty good differentiators.

Virus : malware that can infect a system without direct user involvement. Typically spreads/replicates itself to other systems. (Like a real virus... thus the name.)

Trojan : Concept derived from the famous "Trojan Horse" story. Typically embedded malware that looks like something else, but hides itself until it's 'inside the walls'. Usually requires some kind of direct user action. Not usually able to self-replicate, although Trojans can carry a virus as part of their package.

So far, the only active 'in the wild' OSX malware I've read about requires spoofing, trojans, or other 'social trickery' to overcome security safeguards.

Exploiting ignorance is a terrible weapon...


Funny, the first question that popped into my head when reading the post was, "Did Intego plant this thing??"..... it's almost too obvious, you know?

Thinking like that makes me some kind of crazy conspiracy theorist though, doesn't it.....

I think we can safely assume that not all malware is created by anti-virus companies. Do you think they're staging the DOS attacks, too?

Mac's are an open target, really, with the false sense of security and the rising number of idiot users. Look at how many people download the iWork software from untrusted sources when it's freely available from Apple's site. The anti-virus companies hardly need to plant anything when there are so many idiots providing an open door.
Reply
Reply
post #72 of 92
1/27/09 at 8:11am
Quote:
Originally Posted by GWD2009 View Post

If case someone has this trogan installed here is how to remove it. I did not install iWork on my Macbook, but I was curious if I had anything on it so I ran this program and I also ran MacScan. Lo and behold, found nothing.

http://www.securemac.com/

or just download here:

http://macscan.securemac.com/files/i...emovalTool.dmg

SPAM much, buddy?
Reply
Reply
post #73 of 92
1/27/09 at 8:18am
Quote:
Originally Posted by Messiah View Post

I have to say, the copy protection embedded in Adobe CS3 is doing-my-head-in at the moment.

I understand the need for Adobe to protect their intellectual property - and hence the need for some means of copy protection, but Adobes current implementation throws up too many barriers for legitimate, paying customers.

When it is easier for thieves to download and crack the software, than it is for legitimate users to manage their installations, then Adobe has a problem.

Even although I have purchased CS3, and have a valid serial number etc., currently it would be easier for me to install a cracked version, as I have reached the unpublished 'Deactivation Limit' which Adobe keeps hush.

I won't be buying CS4, because of the issues I have run into with activation/deactivation of CS3. I would happily pay for CS4, I don't have a problem with the price, but I do have a problem with not being able to use it as I see fit.

I agree the Adobe activation scheme is a pain in the a$$. Anyone who says otherwise hasn't run into the errors it can cause which can only be healed by reinstalling your whole system (not even the Adobe Clean scripts can cure it).

That said, I love CS4 and it's worth every penny to me and I've never ever heard anything about a deactivation limit. There's a limit to how many machines you can activate (two at a time, I think, as long as they're not running at the same time, blah, blah) but I've re-activated many many times in the past because I work on several machines and I've never hit a limit.
Reply
Reply
post #74 of 92
1/27/09 at 8:28am
Quote:
Originally Posted by mstone View Post

Kiddies. They just want their machine loaded full of software that they won't ever learn how to use. They look at it as free money. Some people just can't resist the temptation to get something for nothing.

Hahaha, it's so true! There are so many idiots around that just love being able to say they have every imaginable app, though they lack any of the skills needed to use most of it.

In addition, a lot of kiddies these days have an immense sense of entitlement. Ever try to sell something on Kijiji? These same people will berate you because you're asking for money (god forbid) and not just giving it away for free. Because they can't afford it, you see. But they deserve it!
Reply
Reply
post #75 of 92
1/27/09 at 8:35am
Quote:
Originally Posted by tomkarl View Post

Stealing is stealing no matter how much you try to justify or rationalize it.

Have a nice life. Karma can be a nasty thing.

These topics always bring out the holier-than-thou crowd. Jaysus...
Reply
Reply
post #76 of 92
1/27/09 at 10:26am
It is easy to be smug that people who download pirated software are getting a trojan. Well-deserved, we might say. But this trojan is being used to launch denial of service attacks against other web sites. You download this pirated software and your computer is being turned into a weapon to attack an innocent third party! That is inexcusable. I really do not care what you do to your own computer. But when your selfish and illegal acts hurt others, then you should be prosecuted. There is no excuse for software piracy.
Reply
Reply
post #77 of 92
1/27/09 at 11:12am
Quote:
Originally Posted by cjcampbell View Post

It is easy to be smug that people who download pirated software are getting a trojan. Well-deserved, we might say. But this trojan is being used to launch denial of service attacks against other web sites. You download this pirated software and your computer is being turned into a weapon to attack an innocent third party! That is inexcusable. I really do not care what you do to your own computer. But when your selfish and illegal acts hurt others, then you should be prosecuted. There is no excuse for software piracy.

+1 on all counts
Reply
Reply
post #78 of 92
1/27/09 at 3:55pm
Wouldn't a program like Little Snitch alert you if a trojan was using your computer to launch a DoS attack? Or NetBarrier? Or is what they offer just smoke and mirrors?


LOL. I was trying to add the above emoticon, but my Firefox NoScript was denying the javascript. You just don't know who to trust these days.
Reply
Reply
post #79 of 92
1/27/09 at 7:03pm
I am surprised the figures are so high (20,000). For some reason I thought piracy was less common on the Mac.
Reply
Reply
post #80 of 92
1/27/09 at 8:23pm
I am so sick and tired of these snake oil salesmen trying to sell us antivirus products for the Mac. Antivirus wouldn't help against these exploits anyway. And so although I appreciate Intego bringing the matter to our attention I definitely do not like the way they try to sell us antivirus. And I don't like this Raba at Secure Mac trying to do it either.

The remedy for both these trojans is so very simple. It's a number of Terminal commands. It's downright easy. And here's a file that gives you the commands you need and more. It's so very simple.

http://rixstep.com/2/20090126,00.shtml

Yet now we see Secure Mac have this megabyte download they want us to try to check for these two trojans. What happens with the third one? Are they going to make another brain-dead application for us to download?

Either run the commands from Terminal or use CLIX and then watch it with installers and anything that asks for your password. It's so very simple.
Reply
Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Mac Software
AppleInsider › Forums › Software › Mac Software › Two new trojan horses threaten Mac software pirates