Top stories

Journalists Cover Microsoft, Using Macs

It’s not an easy time for Microsoft — with Steve Ballmer having to field questions about being “buffoons” and an “evil empire”  at the shareholder’s meeting (.doc) — so when they get together “the world’s most influential technology pundits and online writers” (nb: we weren’t invited) for Mobius to discuss super-secret mobile tech you’d think [...]

Guide To Black Friday Apple Bargains: Cheap MacBooks, iPods and Accessories Galore

Here’s a guide for finding the best bargains on Apple-related gear during the infamous Black Friday sales on November 27. We’ve compiled a comprehensive list of gear from leaked photos of sales flyers and descriptions of sales.
The bargains include a 2.26 GHz MacBook + $150 gift card at Best Buy for $999.99 ; a 32GB [...]

Review: Voices Is Today’s Best Thing Ever, Grab It Now While It’s Cheap

New on the App Store is Voices from the clever folk at Tap Tap Tap. You can guess what it does.

Open it up, pick a silly voice. Helium is pretty silly. A microphone appears and the app even clears your throat for you (try it, you’ll see what I mean). Now speak your brains, and [...]

Review: Sony Walkman S540 Series Video MP3 Player

Press releases, you will hardly be surprised to hear, are rarely very interesting. But one arrived in my inbox a couple of weeks ago that made me double-take.
“Sony’s S Series Walkman,” it chattered, “is a serious challenger to the iPod Nano.” Gosh, really? Perhaps the Cult had better have a look at one, then, despite [...]

Trojan Horse Targets Anti-Virus Maker Intego

7:07 am, December 3rd, 2008, Ed Sutherland

Another wrinkle in the spy-vs-spy Mac security game appeared Wednesday when a Mac Trojan Horse attempted to disguise itself by naming a file “intego,” a reference to Intego, the anti-virus company.

Intego said the OSX.RSPlug.E trojan horse carries a medium-level risk for Mac users, making it the fifth version of the malware first discovered in 2007. In November, the developers outlined RSPlug.D, a trojan horse which downloaded a malicious file.

Like the most recent version, OSX.RSPlug.E entices Mac users with pornographic sites that insist a “missing Video ActiveX Object” must be downloaded in order to view a video. The infected download then contacts a malicious remote server.

Unlike previous versions of the Trojan, two .dmg archives: FlashPlayer.v3.348.dmg or FlashPlayer.v.dmg, create an encoded file named “intego” with read and write permission.

In a statement, Intego said the reference “is a provocation from the creator of this malware.”

Intego has “certainly never heard of [such naming] on the Mac side,” spokesman Peter James told Cult of Mac.

James said Eastern European malware writers created the Trojan horse, judging by the Web site domains the malicious code contacts. Unlike in the U.S., former Iron Curtain countries don’t have the resources to track down the cyber criminals.

“They’re taunting us because we keep finding these variants. This could be a test” to determine how Intego’s security products identify suspected malware, James said.

The spokesman called Apple’s recent takedown of a tech note advising adoption of antivirus measures “irresponsible on Apple’s part.”

“A tech person wrote the note, and a marketing person quashed it,” James told Cult of Mac. “It’s a typical flip-flop.”

Posted by Ed Sutherland in News, Rumors | Comment on this article

About the author

Ed Sutherland

Ed Sutherland is a veteran technology journalist who first heard of Apple when they grew on trees, Yahoo was run out of a Stanford dorm and Google was an unknown upstart. Since then, Sutherland has covered the whole technology landscape, concentrating on tracking the trends and figuring out the finances of large (and small) technology companies.

Email the author | Read more posts by Ed Sutherland.

Related posts from Cult of Mac

4 comments

    No company has deserved it more.
    The chicken littles of the computer world.

    JohnO, on December 3rd, 2008 at 7:52 am

    Eh?

    > The spokesman [for Intego] called Apple’s recent takedown of a tech note
    > advising adoption of antivirus measures “irresponsible on Apple’s part.”

    and

    > Although Windows-based malware is more mature, Intego has “certainly
    > never heard of it on the Mac side,” spokesman Peter James told Cult of Mac.

    Some confusion there, maybe?

    Chris, on December 3rd, 2008 at 9:46 am

    Umm, so what does the “intego” file try to do – how does the trojan work?
    So the user downloads, and then is tricked into installing the contents of the fake Flash images, and file called ‘intego’ is created which has read/write permission on it — then what? How does this then create a security hole?

    Tom, on December 3rd, 2008 at 1:29 pm

    –>Tom, the trojan has scripts that allow it to communicate with remote servers from which it downloads more malware

    illhelpyou, on February 10th, 2009 at 9:03 pm

Buy Inside Steve's Brain Buy from Amazon.com Buy from Barnes & Noble