Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: iWork 2009 Trojan SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
iWork 2009 Trojan

It's already pretty widely reported in the media, take for instance here and here.

First reported by Intego, this trojan apparently is distributed by downloading Bittorrented copies of iWork 2009 from the Internet and installing them.  The Trojan is installed as part of the software package, by, yup, you guessed it, you giving the software permissions to install by giving it your password.

Apparently this backdoor opens a hole on your computer, reporting back to a central server in order to allow the attacker to connect and issue commands to your system.

So, what can we learn from this?

1)  If you Bittorrent software you are supposed to buy, and break the law in doing so...  you have to deal with the ramifications...

2)  Don't Bittorrent software that is only 79 bucks. Hey, you can download the Trial from, and the buy it, and they give you a serial number!  You don't even have to go to the store to get a boxed copy!  You already spent the money and bought a mac, you sheepskate, now if you want iWork, spend the 79 bucks and buy it like you are supposed to.

-- Joel Esler


454 Posts
Jan 23rd 2009

Sign Up for Free or Log In to start participating in the conversation!