Sophos Just Can’t Get Things Straight About This Week’s Malware
by Peter James
We know it can be confusing when two pieces of malware are reported in one day, but it’s especially annoying to see another security vendor, Sophos, get things wrong. On a Sophos blog, one Graham Cluley claims that the malware that Intego calls OSX.TrojanKit.Malez, which other vendors are calling OSX.Lamzev.A, is a variant of the RSPlug Trojan Horse.
We issued two security memos this week: the first was about a variant of the RSPlug Trojan Horse, which exhibits some new characteristics, such as downloading its payload, which allows for that payload to be changed. The second is about a low-risk hacker tool that can be used to create Trojan horses. It is the latter that we are calling OSX.TrojanKit.Malez, and that other vendors have called OSX.Lamzev.A. This hacker tool has nothing to do with the RSPlug Trojan horse.
Intego discovered OSX.TrojanKit.Malez back in August, but didn’t publicize it, because the risk is low. We released a security memo this week when we saw another vendor claiming that it was a Trojan horse, which it is not. Let’s hope that Sophos can figure this all out and get its naming straight.
Update: Thanks, Sophos, for issuing a correction.