14 DAY TRIAL // A new Mac Trojan Horse has been discovered, attempting to disguise itself by naming a file “intego” - a reference to the well-known security company responsible for VirusBarrier X5 for Mac.
Although carrying a medium-level risk for Mac users, OSX.RSPlug.E trojan horse is the fifth version of the malware first discovered in 2007, Intego asserts. Upon spotting a similar threat last month, Intego noted that OSX.TrojanKit.Malez required hackers to actually have access to a Mac in order to install the code. The company stated that, “as of the present, no Trojan horses or other means of replication have been found in the wild using this tool.”
However, Intego's most recent findings, surrounding the new OSX.RSPlug.E trojan horse, include some “interesting differences with the previous versions,” the firm says in its latest security memo.
“The samples Intego has seen, named FlashPlayer.v3.348.dmg and FlashPlayer.v.dmg, contain code that refers to Intego. The actual malware code is encoded (using a standard routine called uuencode), and when it is decoded, a line of code is present saying: 'begin 666 intego.' This tells the system to create a file with read and write permissions (the 666 is a shortcut for Unix permissions, not anything to do with the 'number of the beast'), and to create a file containing the malicious code, named 'intego.' Intego wants to point out that the company obviously has nothing to do with the creation of this malware, and that the choice of this file name is a provocation from the creator of this malware.”
As usual, Intego recommends its antivirus software application for Mac, VirusBarrier X5, as a means of protection. Users are thus advised to download virus definitions of VirusBarrier X5 dated December 2, 2008, which detect this downloader more specifically. Virus definition updates are available through NetUpdate from the Intego menu in the menubar.
Whether or not you will choose to get antivirus utilities for your Mac, Softpedia recommends that you never download and install software from questionable sources.