Likewise, a contaminated website will display a "Video ActiveX Object Error," which prompts users to download a missing plug-in that is really a disk image. This image may mount and install itself automatically if a user's browser settings are enabled to allow it.

The factor differentiating RSPlug.E, however, is that it downloads files named "FlashPlayer.v3.348.dmg" and "FlashPlayer.v..dmg," which have encoded malware containing the line "begin 666 intego." This code taps into Unix permissions to create a malicious file called "intego," which the namesake company argues is intended as a form of provocation. Definitions in VirusBarrier X5 have been updated to detect and block the Trojan.

Apple recently pulled an anti-virus support page, claiming that Macs are generally safeguarded against malware threats; it notes, however, that anti-virus software may still be useful.