iWork '09 Torrent Carrying OS X Trojan

[Tallest Skil]

It isn't a crime, but your sense of humor is

*simultaneous rim shot and jazz hands... somehow*

It wasn't supposed to be funny. It is certainly not my intent to trivialize RAPE.

The point of that post was to be serious, through and through. I was doing a standard comparison between two ideas, showing their identical nature.

I'm curious the country in which you live that rape is not a crime.

 

[iEdd]

It wasn't supposed to be funny. It is certainly not my intent to trivialize RAPE.

The point of that post was to be serious, through and through. I was doing a standard comparison between two ideas, showing their identical nature.

I knew, and got your point - as I nearly made a similar analogy myself. However, comparing rape to something trivial like kids downloading a bit of software can make people take things the wrong way, ie. implying that rape is trivial as well.

And a crime is a crime, whether you are caught or not.

 

[petermcphee]

However, comparing rape to something trivial like kids downloading a bit of software can make people take things the wrong way, ie. implying that rape is trivial as well.

Agreed. Tallest Skil's post analogizing the two was offensive.

 

[Bernie-Mac]

*simultaneous rim shot and jazz hands... somehow*

It wasn't supposed to be funny. It is certainly not my intent to trivialize RAPE.

The point of that post was to be serious, through and through. I was doing a standard comparison between two ideas, showing their identical nature.

I'm curious the country in which you live that rape is not a crime.

Originally I was not talking about rape, i made that comment on piracy, and instead of taking it at a sarcastic comment you brought up rape. Your the one comparing rape to downloading software I'm curious the country in which you live that they are the same. I live in America though, and idk where you live, but here your allowed to rape 2 individuals a year before you get into legal tribulations. I thought it was like that everywhere

 

[kurosov]

Agreed. Tallest Skil's post analogizing the two was offensive.

The way i see it a crime is a crime. This is how you end up getting differences such as murder and manslaughter.

Saying one crime should be ok because there are worse you can do is a bad way of thinking.

 

[Jethryn Freyman]

A new version of the trojan has been discovered.

http://www.macnn.com/articles/09/01/26/mac.trojan.hits.photoshop/

It installs itself under a different name each time, making it harder for the average user to remove.

How ironic, most of us Mac users are arguing about the ethics of piracy, while the hackers are busy writing us trojans.

 

[tehpirate]

Trojan, not virus.

Trojan, virus, worm? Either way it can eff up your computer pretty bad.
Pretty sure the point was to show mac users that they aren't as invincible as they think they are.

Oh and it gains root control of your machine and downloads other forms of malware (aka viruses, spyware, adware). So yes you do get viruses.

 

[GGJstudios]

Trojan, virus, worm? Either way it can eff up your computer pretty bad...

Only if you're actually stupid enough to download pirated software and install it!

 

[techfreak85]

Only if you're actually stupid enough to download pirated software and install it!

exactly, and now yahoo is all freaking out. i wish they would shut up.

 

[jrlcopy]

A new version of the trojan has been discovered.

http://www.macnn.com/articles/09/01/26/mac.trojan.hits.photoshop/

It installs itself under a different name each time, making it harder for the average user to remove.

How ironic, most of us Mac users are arguing about the ethics of piracy, while the hackers are busy writing us trojans.

There is another bug that was in Tiger, haven't tried it within leopard, but if you are installing two separate programs, and the admin password prompts come up for both installs and you enter your password on one and then quickly hit ok on both of them (the 2nd prompt could have a blank pass field) it will accept the blank password and install.

Then when you go to uninstall the program it will prompt you for your admin password, and it will decline it if you enter your correct password, you have to leave the field blank.

If this is present in leopard, theoretically one could create a service that just waits for your to be installing something and then just piggy back its way in on the prompt.

Obviously the lack of a market share has helped detour virus writers, and honestly I'm no unix expert, I have no idea how things compare between the backends of the OS's. But I do think that it is only a matter of time before OS X we are going to be overloaded with Viruses and Apple doesn't have the experience to deal with them. Since it hasn't had to.

We have had macros, but they were always related to Microsoft programs, I have had a few programs that would get macro infested word documents, and it would f' up all of their word files on their mac. Anytime they would try and upload a .doc via any gmail, yahoo, mail service it would get flagged as it had a virus.

 

[alfmil]

It

 

[shikimo]

Spain, France from this month on, Germany, Sweden (go to the pirate bay and read the letters they received from content producers, they're hilarious) and pretty much all european countries. That is changing, though, because companies are very powerful and there's a lot of money involved.
Anyway, new ways to get the content for free will be found. After all, in Europe downloading "illegal" contents is not really considered illegal by law, but just a civil offense and nobody can go past your data protection rights and figure out your identity behind an IP on the grounds of a civil offense. That's been ruled like that in Spain several times and also the European Union. Besides what Americans think, we still have some respect for personal freedom.
All they can do UK, France and soon Italy, is to order the desconnection of a particular IP from the internet, without knowing who is behind it. They do that know in France after three downloads (if they catch you, which is not so easy because of course it is against the law to monitor your communications and they have to basically get into the download networks and record your IP). There won't be further prosecution on the grounds of a civil offense.

Violation of intellectual property rights is, at least technically, a criminal offense in France...for now (the EU doesn't agree). However, you are 100% correct in that it is virtually unheard of for it to be enforced with actual jail time--read an Amnesty International report on the state of French prisons to find out why--which brings me to my next point:

That doesn't preclude the possibility that you might go to jail, which the conviction for copyright infringement in the U.S. certainly allows for. To simply state "you won't go to jail" as a matter of fact is misleading. Given the right circumstances, you could.

Although you are technically correct, the only reliable way to evaluate law enforcement is by common practice, and the fact is that, for now, even the biggest end-user pirates are nowhere near going to jail, regardless of what the law says. If Americans had to live by the actual texts of all written federal and state laws, life would be very different over there.

Agreed.

Maybe poisoning the illegal downloads so that those people's computers are destroyed is the right thing to do.

This is the sort of destructive, all-or-nothing thinking that keeps screwing up the world. Throughout this thread you have used words like "criminal," "theft," "right" and "wrong" as if they have common definitions for everyone that we can take as premises for the discussion. You, who put a link to a marriage-equality site in your signature, don't see a problem with the blind enforcement of "law as written"?? Cannot understand that law is a living, evolving thing that needs to respond to the changes in the societies it tries to govern? Please: advocating the destruction of private property as a response to an act because YOU find it morally despicable? That doesn't bring up pleasant imagery, historically speaking.

Digital piracy is a legal gray area if there ever was one--witness as evidence the massive amounts of time and money spent all over the world trying unsuccessfully to define it--and trying to sew a big scarlet "P" on the chests of everyone who has ever downloaded a for-pay application without paying for it is hypocritical: lots of laws look unjust from lots of different points of view. You don't like piracy? Don't do it, but the world is a better place without blind moral judgments: ne person's "criminal" is another person's "freedom fighter" or "pioneer." While personally I don't know how I feel about piracy--that's why I'm reading the thread--I'm quite sure it's not as simple as you and a few others make it out to be.

 

[Macmel]

Just to add to the discussion, it has been recently published a scientific study in Belgium (90% of the population is connected to the internet and they are heavy file sharers) stating that actually P2P is good for culture and not bad. It is based in the following conclusions:

1) File sharing contributes to the fast spreading of the contents, which in itself is good to cultural growth.

2) Files downloaded, in their vast majority, would not have been purchased anyway so the loss in revenue for companies is much more reduced than they claim it to be.

3) Content creators that normally would not be strongly supported by companies only thinking about money, have the oportunity of becoming known because people can get their work for free. This opens the possibility of other forms of revenue: concerts, shows, purchases of further contents, etc. Most companies say that if this continues like this it would be the end of the culture because they won't be able to support starting creators if they lose the revenue coming from the big ones: the truth is, they only support people which they know will make money for them, regardless of their cultural component. What's American Idol if not a casting for a good selling singer which you know it's gonna be a success because millions of americans told you so?.

4) Downloaders of music and DVDs in average buy as much music and DVDs in stores as people who never download.

5) Downloaders of video games in average buy MORE games than non-downloaders.

Just think about it...

By the way, due to legal problems and intricacies of the British criminal system leading to the protection of personal rights, they have announced that no one is going to be disconnected from the internet in the UK, but the letters telling you that you have been a bad boy will still be received. I'm cuious to see what happens in France after this and the EU admitting that file sharing cannot be considered a criminal offense.

 

[AidenShaw]

"risk" has been added

Originally Posted by AidenShaw

Maybe poisoning the illegal downloads so that those people's computers are destroyed is the right thing to do.

Please: advocating the destruction of private property as a response to an act because YOU find it morally despicable?

The whole argument around the use of the word "theft" is based on notion of tangible property.

After the trojan destroys someone's Apple - they still have the Apple, so no "destruction of private property" has occurred.

If you claim that the seller's 1's and 0's have no value, and you have the right to take them - how can you claim "damage" if a trojan sets all your 1's to 0's? You can't....
________

Seriously, though, I made a conjecture about the "justness" of infected software on the torrent - not a direct advocation of the same.

One point in the "steal" vs. "pirate" debate that I don't think has been made is the risk of apprehension involved.

If you try to remove a physical box with Photoshop or Iworks from Fry's or Best Buy - you stand a pretty good chance of needing a lawyer.

If you download from an illegal warez torrent, the odds of being prosecuted are miniscule.

The trojans, however, have put a serious element of risk into the equation.

It's not nearly as risk-free to {select oneof ["steal", "pirate", "infringe"]} anymore, and I'm still wondering if that's not totally a bad thing. The people who say "I won't buy any software over $10" might be more inclined to buy what they need, rather than risk getting "extra" stuff for free from the criminal underground.

 

[shikimo]

Just to add to the discussion, it has been recently published a scientific study in Belgium (90% of the population is connected to the internet and they are heavy file sharers) stating that actually P2P is good for culture and not bad. It is based in the following conclusions:

1) File sharing contributes to the fast spreading of the contents, which in itself is good to cultural growth.

2) Files downloaded, in their vast majority, would not have been purchased anyway so the loss in revenue for companies is much more reduced than they claim it to be.

3) Content creators that normally would not be strongly supported by companies only thinking about money, have the oportunity of becoming known because people can get their work for free. This opens the possibility of other forms of revenue: concerts, shows, purchases of further contents, etc. Most companies say that if this continues like this it would be the end of the culture because they won't be able to support starting creators if they lose the revenue coming from the big ones: the truth is, they only support people which they know will make money for them, regardless of their cultural component. What's American Idol if not a casting for a good selling singer which you know it's gonna be a success because millions of americans told you so?.

4) Downloaders of music and DVDs in average buy as much music and DVDs in stores as people who never download.

5) Downloaders of video games in average buy MORE games than non-downloaders.

Just think about it...

Yes, all wonderful examples of why this is not an open-and-shut case. We live in a complicated world.

By the way, due to legal problems and intricacies of the British criminal system leading to the protection of personal rights, they have announced that no one is going to be disconnected from the internet in the UK, but the letters telling you that you have been a bad boy will still be received. I'm cuious to see what happens in France after this and the EU admitting that file sharing cannot be considered a criminal offense.

If the current pattern holds up, the French will stall stubbornly on the surface in Bruxelles, working the image of being maladjusted and self-serving, all the while preparing for the inevitable cave-in to EU will and adjusting to it rather nimbly. The gambling-monopoly legislation is the most recent example, but it's been going down like that for several years. In the end--and against local conventional coffee-shop wisdom--France has done just fine in the EU era and they don't want to rock the boat any more than necessary.

 

[Hugh]

Rape

Originally I was not talking about rape, i made that comment on piracy, and instead of taking it at a sarcastic comment you brought up rape. Your the one comparing rape to downloading software I'm curious the country in which you live that they are the same. I live in America though, and idk where you live, but here your allowed to rape 2 individuals a year before you get into legal tribulations. I thought it was like that everywhere

I'm sorry guys I just couldn't let this go. I know this is not the right place talk about this but:

WTF! Where the hell do you live where rape isn't illegal until you rape 2 people!!!! If you mean the US America rape is illegal with ONE person. You are served with some time in jail and you are put on the sex offenders list. (This includes date rape too)!!!

Hugh

 

[mr.steevo]

This is the sort of destructive, all-or-nothing thinking that keeps screwing up the world. Throughout this thread you have used words like "criminal," "theft," "right" and "wrong" as if they have common definitions for everyone that we can take as premises for the discussion. You, who put a link to a marriage-equality site in your signature, don't see a problem with the blind enforcement of "law as written"?? Cannot understand that law is a living, evolving thing that needs to respond to the changes in the societies it tries to govern? Please: advocating the destruction of private property as a response to an act because YOU find it morally despicable? That doesn't bring up pleasant imagery, historically speaking.

Digital piracy is a legal gray area if there ever was one--witness as evidence the massive amounts of time and money spent all over the world trying unsuccessfully to define it--and trying to sew a big scarlet "P" on the chests of everyone who has ever downloaded a for-pay application without paying for it is hypocritical: lots of laws look unjust from lots of different points of view. You don't like piracy? Don't do it, but the world is a better place without blind moral judgments: ne person's "criminal" is another person's "freedom fighter" or "pioneer." While personally I don't know how I feel about piracy--that's why I'm reading the thread--I'm quite sure it's not as simple as you and a few others make it out to be.

Nice to read a balanced and not reactive addition to this thread.

s.

 

[macmee]

I haven't downloaded iWork, however I am still concerned about viruses on my iMac. I have ClamXav, but I have no idea how good it is at catching anything....or if it even removes OSX threats.

If I were to get LittleSnitch, would that prevent me from getting any viruses communicating over LAN, as I would be able to block the network traffic?

 

[tehpirate]

You don't necessarily have to get them from pirated software, movies, music, etc. And I'm pretty sure there are a lot of people that think their macs are invincible to viruses etc because they have been told over and over again that "macs don't get viruses" In fact there's this mac rep where I work at who tells people interested in buying the mac (granted he's pretty much in it for the sale) "Macs don't get viruses, unlike the pc you actually have to install the virus" Well actually on the pc you have to install the virus as well...and if you're not an idiot...

Only if you're actually stupid enough to download pirated software and install it!

 

[GGJstudios]

You don't necessarily have to get them from pirated software, movies, music, etc. And I'm pretty sure there are a lot of people that think their macs are invincible to viruses etc because they have been told over and over again that "macs don't get viruses" In fact there's this mac rep where I work at who tells people interested in buying the mac (granted he's pretty much in it for the sale) "Macs don't get viruses, unlike the pc you actually have to install the virus" Well actually on the pc you have to install the virus as well...and if you're not an idiot...

You obviously don't understand the difference between a virus and a trojan. A virus can replicate itself without the user installing an application. A trojan must be actively installed by the user, which for a Mac, involves entering your administrator password. There ARE no viruses in the wild that affect Mac OS X. There ARE trojans, but the user has to install them. So if a user is careful what they install and where they get it, they won't get trojans.

 

[AidenShaw]

You obviously don't understand the difference....

And you don't understand that the difference is irrelevant. If someone's credit card info has been stolen, will you say "It's OK - it wasn't taken by a virus, you downloaded a Trojan that took it."

Small consolation....

I got a mail from Citibank this morning saying that my credit card had been blocked due to suspicious activity, and that I should go to http://www.citibank.com.cn [url was behind a link like http://fraud.citibank.com] as soon as possible to avoid any charges.

Of course, I forwarded the email to spoof@citibank.com and deleted it.

Threats come in many forms, and Apples are vulnerable to many of them.

 

[charlituna]

Small consolation....

I got a mail from Citibank this morning saying that my credit card had been blocked due to suspicious activity, and that I should go to http://www.citibank.com.cn [url was behind a link like http://fraud.citibank.com] as soon as possible to avoid any charges.

Of course, I forwarded the email to spoof@citibank.com and deleted it.

Threats come in many forms, and Apples are vulnerable to many of them.

nice mixing of metaphors. phishing and all other forms of social engineering are OS independent they don't rely on what you are using if anything computer wise.

point of fact Apple's are not 100% invulnerable. but they have proven to be more so than Windows based systems and when you add that to the small market share and the fact that this trojan was added to a torrent and is NOT in the Apple released software, it still adds up to the fact that many folks don't feel the need to believe all the 'the sky is falling' hype from over priced anti-viral software creators.

if windows users are savvy about what they download and install many of them don't need such software either.

if I was talking to someone that wasn't all that tech savvy I'd have them get a program regardless of the OS, just to be safe.

 

[ppc750fx]

I have no idea how things compare between the backends of the OS's. But I do think that it is only a matter of time before OS X we are going to be overloaded with Viruses and Apple doesn't have the experience to deal with them. Since it hasn't had to.

The problems that Windows faces are, in part, due to Microsoft's obsession with backwards compatibility. That obsession was what led to users having root by default, what's lead to DLL hell, and what's lead to the mess that is UAC (no, UAC is not the same as *nix privilege escalation -- it's a hell of a lot hackier, at least if the developers are to be believed). It's also what's led to outdated APIs being left in the OS without proper maintenance and security (a wonderful source of exploits) and what's led to a whole slew of other wildly insecure default behaviors (such as Remote Registry being left enabled by default, the C$ admin share, etc.)

Apple's not better at security as much as they are better at progress. They have no problem ditching old APIs. They've actually moved their OS to a whole new base in a sane manner (via pseudo-virtualization). They don't patch around buggy software -- they break it and make devs do it "the right way."

I think that as malware writers shift their attention to Mac OS X, these years of good security practice will pay off for Apple. Yes, there will be some trojans and the like (you can't defend against user stupidity), but there will be far, far fewer (if any) fully self-propagating worms, and far fewer botnets. The fact that there's not yet been a fully self-propagating worm or virus despite an install base of millions of machines is a *very* good sign, and I'll be astonished if there ever is a virus/worm that's capable of spreading between OS X machines without user intervention.

 

[GGJstudios]

And you don't understand that the difference is irrelevant. If someone's credit card info has been stolen, will you say "It's OK - it wasn't taken by a virus, you downloaded a Trojan that took it."
Threats come in many forms, and Apples are vulnerable to many of them.

This discussion is about viruses vs trojans, not credit card or identity theft. They are vastly different. The point is, viruses can be activated with no overt installation action on the part of a user, simply by opening a seemingly innocuous file. That can't happen on Mac OS X, since there ARE no viruses that run on Mac OS X. Trojans have to be downloaded and installed on a Mac, which involves the user entering their administrator password, which gives them an opportunity to cancel the installation, even if it were automatic. You're not going to get a trojan from installing legitimate software from reliable sources.

So the difference between the two IS relevant. And, for the purposes of this thread, credit cards or identity theft are NOT relevant.

 

[kurosov]

A perfect example of a self spreading virus are those that travel over instant messaging clients such as msn. They automatically send themselves to anybody an infected user has on their friends lists and can be incredibly difficult to protect against at times.

As stated earlier, a Trojan would have to have been actively used by the user of the computer.