Viruses on Macs, oh no!

Jan 28, 2009 13:07

So there is a fairly large Mac virus outbreak.  I haven't got it but I'm seeing people all over the internets who have.  Its a trojan horse being spread through torrent files (iWork 09 and Adobe CS4 products).  I knew that Macs would eventually have a large enough install base to become targets and now it looks like they have reached that tipping point.  The good news is this trojan is very unsophisticated and insanely easy to find and clean.  Bascially, it installs a service into your startup items list and then hijacks your internet connection allowing for someone to remotely access your Mac.  Want to see if you have it?  Simply go to System/Library/StartupItems and see if theres anything suspicious in there (such as iWorkServices).  If you've got a Mac and have been torrenting lately I recommend you check to make sure aren't infected.

The whole thing can be removed by using the following steps:

1. (open Terminal.app)
2. sudo su (enter password)
3. rm -r /System/Library/StartupItems/iWorkServices
4. rm /private/tmp/.iWorkServices
5. rm /usr/bin/iWorkServices
6. rm -r /Library/Receipts/iWorkServices.pkg
7. killall -9 iWorkServices

And thats it, no crazy registry edits or any of that.  I'm sure eventually Mac viruses will become more sophisticated but this one is pretty lame.  Try comparing that removal process to something like the Antivirus 2009 shit thats going around for Windows now.  That stuff is horrible to try to get rid of.  Every time I see it I recommend a complete format and reinstall.

So any other conspiracy theorists think that maybe a Mac Antivirus company (Intego) made this trojan themselves just to drum up some business for their software in these bad economic times?  I think its definately a possibility but who knows.
Previous post Next post
Up