Trojan Horse Targets Anti-Virus Maker Intego

Another wrinkle in the spy-vs-spy Mac security game appeared Wednesday when a Mac Trojan Horse attempted to disguise itself by naming a file “intego,” a reference to Intego, the anti-virus Trojan Horse Targets Anti-Virus Maker Integocompany.

Intego said the OSX.RSPlug.E trojan horse carries a medium-level risk for Mac users, making it the fifth version of the malware first discovered in 2007. In November, the developers outlined RSPlug.D, a trojan horse which downloaded a malicious file.

Like the most recent version, OSX.RSPlug.E entices Mac users with pornographic sites that insist a “missing Video ActiveX Object” must be downloaded in order to view a video. The infected download then contacts a malicious remote server.

Unlike previous versions of the Trojan, two .dmg archives: FlashPlayer.v3.348.dmg or FlashPlayer.v.dmg, create an encoded file named “intego” with read and write permission.

In a statement, Intego said the reference “is a provocation from the creator of this malware.”

Intego has “certainly never heard of [such naming] on the Mac side,” spokesman Peter James told Cult of Mac.

James said Eastern European malware writers created the Trojan horse, judging by the Web site domains the malicious code contacts. Unlike in the U.S., former Iron Curtain countries don’t have the resources to track down the cyber criminals.

“They’re taunting us because we keep finding these variants. This could be a test” to determine how Intego’s security products identify suspected malware, James said.

The spokesman called Apple’s recent takedown of a tech note advising adoption of antivirus measures “irresponsible on Apple’s part.”

“A tech person wrote the note, and a marketing person quashed it,” James told Cult of Mac. “It’s a typical flip-flop.”

  • JohnO

    No company has deserved it more.
    The chicken littles of the computer world.

  • Chris

    Eh?

    > The spokesman [for Intego] called Apple’s recent takedown of a tech note
    > advising adoption of antivirus measures “irresponsible on Apple’s part.”

    and

    > Although Windows-based malware is more mature, Intego has “certainly
    > never heard of it on the Mac side,” spokesman Peter James told Cult of Mac.

    Some confusion there, maybe?

  • Tom

    Umm, so what does the “intego” file try to do – how does the trojan work?
    So the user downloads, and then is tricked into installing the contents of the fake Flash images, and file called ‘intego’ is created which has read/write permission on it — then what? How does this then create a security hole?

  • illhelpyou

    –>Tom, the trojan has scripts that allow it to communicate with remote servers from which it downloads more malware

About the author

Ed SutherlandEd Sutherland is a veteran technology journalist who first heard of Apple when they grew on trees, Yahoo was run out of a Stanford dorm and Google was an unknown upstart. Since then, Sutherland has covered the whole technology landscape, concentrating on tracking the trends and figuring out the finances of large (and small) technology companies.

(sorry, you need Javascript to see this e-mail address)| Read more posts by .

Posted in News, Rumors |