Another wrinkle in the spy-vs-spy Mac security game appeared Wednesday when a Mac Trojan Horse attempted to disguise itself by naming a file “intego,” a reference to company.
Intego said the OSX.RSPlug.E trojan horse carries a medium-level risk for Mac users, making it the fifth version of the malware first discovered in 2007. In November, the developers outlined RSPlug.D, a trojan horse which downloaded a malicious file.
Like the most recent version, OSX.RSPlug.E entices Mac users with pornographic sites that insist a “missing Video ActiveX Object” must be downloaded in order to view a video. The infected download then contacts a malicious remote server.
Unlike previous versions of the Trojan, two .dmg archives: FlashPlayer.v3.348.dmg or FlashPlayer.v.dmg, create an encoded file named “intego” with read and write permission.


