Top stories

A New Kind Of Heist: Six Apps For Free

Those crazy MacHeisters are at it again, and this time the deal is even harder to resist.
The first ever MacHeist Nano won’t cost you a penny. You can download, without charge, fully licensed copies of ShoveBox, WriteRoom, Twitterific, TinyGrab, and Hordes of Orcs. If 500,000 people take part (which I think is a pretty safe [...]

Getting More iPhone Home Screens – And Keeping Them

A couple of weeks back, I wrote Temporarily Get More iPhone Home Screens Via Cunning Bug Exploit, but had heard staying away from the iTunes Applications tab within my iPhone was probably a Very Good Idea. Reader Larry Pressnell noted that since the most recent iTunes update, his extra screens have been accessible in iTunes.
Since [...]

Cult of Mac Favorite: MobileStacks Is the Best Reason To Jailbreak. Period.

I really like Stacks on my Mac. Stacks makes it fast and easy to find files, folders and apps right from the Dock. It makes managing a Mac pretty slick with all sorts of little UI tricks. That’s why I recently gave MobileStack a go on my jailbroken iPhone.
I must say that it lives up to the [...]

Gallery: Behind the Scenes From Two Classic Apple TV Ads

Is this Steve Jobs driving a tank in a classic Apple TV spot from the late 1990s? That was the rumor at the time: Jobs was making cameos in Apple commercials.
Ken Segall, the TBWA ad man responsible for naming the iMac and Think Different, reveals the truth after the jump. He also shares some rare [...]

Trojan Horse Targets Anti-Virus Maker Intego

7:07 am, December 3rd, 2008, Ed Sutherland

Another wrinkle in the spy-vs-spy Mac security game appeared Wednesday when a Mac Trojan Horse attempted to disguise itself by naming a file “intego,” a reference to Intego, the anti-virus company.

Intego said the OSX.RSPlug.E trojan horse carries a medium-level risk for Mac users, making it the fifth version of the malware first discovered in 2007. In November, the developers outlined RSPlug.D, a trojan horse which downloaded a malicious file.

Like the most recent version, OSX.RSPlug.E entices Mac users with pornographic sites that insist a “missing Video ActiveX Object” must be downloaded in order to view a video. The infected download then contacts a malicious remote server.

Unlike previous versions of the Trojan, two .dmg archives: FlashPlayer.v3.348.dmg or FlashPlayer.v.dmg, create an encoded file named “intego” with read and write permission.

In a statement, Intego said the reference “is a provocation from the creator of this malware.”

Intego has “certainly never heard of [such naming] on the Mac side,” spokesman Peter James told Cult of Mac.

James said Eastern European malware writers created the Trojan horse, judging by the Web site domains the malicious code contacts. Unlike in the U.S., former Iron Curtain countries don’t have the resources to track down the cyber criminals.

“They’re taunting us because we keep finding these variants. This could be a test” to determine how Intego’s security products identify suspected malware, James said.

The spokesman called Apple’s recent takedown of a tech note advising adoption of antivirus measures “irresponsible on Apple’s part.”

“A tech person wrote the note, and a marketing person quashed it,” James told Cult of Mac. “It’s a typical flip-flop.”

Posted by Ed Sutherland in News, Rumors | Comment on this article

About the author

Ed Sutherland

Ed Sutherland is a veteran technology journalist who first heard of Apple when they grew on trees, Yahoo was run out of a Stanford dorm and Google was an unknown upstart. Since then, Sutherland has covered the whole technology landscape, concentrating on tracking the trends and figuring out the finances of large (and small) technology companies.

Email the author | Read more posts by Ed Sutherland.

Related posts from Cult of Mac

4 comments

    No company has deserved it more.
    The chicken littles of the computer world.

    JohnO, on December 3rd, 2008 at 7:52 am

    Eh?

    > The spokesman [for Intego] called Apple’s recent takedown of a tech note
    > advising adoption of antivirus measures “irresponsible on Apple’s part.”

    and

    > Although Windows-based malware is more mature, Intego has “certainly
    > never heard of it on the Mac side,” spokesman Peter James told Cult of Mac.

    Some confusion there, maybe?

    Chris, on December 3rd, 2008 at 9:46 am

    Umm, so what does the “intego” file try to do – how does the trojan work?
    So the user downloads, and then is tricked into installing the contents of the fake Flash images, and file called ‘intego’ is created which has read/write permission on it — then what? How does this then create a security hole?

    Tom, on December 3rd, 2008 at 1:29 pm

    –>Tom, the trojan has scripts that allow it to communicate with remote servers from which it downloads more malware

    illhelpyou, on February 10th, 2009 at 9:03 pm