The Trojan horse poses as a codec to help users view pornographic videos, but in fact changes DNS server entries to direct surfers unwittingly to other Web sites. This could be for the purposes of phishing, identity theft or simply to drive traffic to alternative Web sites.
"What's important to realize is that this Trojan doesn't exploit a vulnerability in OS X, Leopard, Tiger, or any Apple code. This Trojan exploits the vulnerability within the person sitting in front of the keyboard. It's the Mac user who is giving permission for the code to run and allowing their computer to be infected," said Graham Cluley, senior technology consultant for Sophos. "This is not a red alert, but it is a wake-up call to Mac users that they can be vulnerable to the same kind of social engineering tricks as their Windows cousins. The truth is that there is very little Macintosh malware compared to Windows, but clearly criminal hacker gangs are no longer shy of targeting the platform."
Experts are urging Macintosh users to keep the threat in proportion.
"Mac malware like RSPlug makes the headlines because it is so rare," continued Cluley. "A Trojan horse like this for Windows would be unlikely to generate as many column inches because they are encountered every day. Nevertheless it obviously makes sense for Mac users to ensure that they are protected."
