Posing as a codec needed for viewing adult content...

Oct 31, 2007 19:06 GMT

Mac users need to start sleeping with the light on, because there is a new security threat on the horizon. The culprit is a new OS X-specific Trojan horse that has started popping up on a few sites and has already affected one user.

OS X AV vendor Intego warns about what it has labeled OSX.RSPlug.A, also known as DNSChanger or Ultracodec/Zlob in its Windows incarnation. The Trojan horse is delivered to the user on seedy sites under the pretense of being a QuickTime video codec needed in order to view adult content. Once the disk image containing the Trojan has been downloaded and the installer application is run, it asks for the user's administrator password in order to install itself. The end result has nothing to do with video codecs and everything to do with rogue DNS settings, plus a cron job that constantly reapplies those settings. To complicate matters further, under Tiger the malicious DNS entries are not visible in the Network system preference pane.
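As an added example, not from the article or from Intego, the two persistence traits just described (resolver entries the user never configured, and a cron job that keeps reapplying them) can be checked with a small POSIX shell audit. The expected nameservers, the sample resolver and crontab text, and the TEST-NET address are constructed assumptions for an offline run.

```sh
#!/bin/sh
# Added example, not from the article or from Intego. Audits two traits described
# above: resolver entries you did not configure, and a cron job that re-applies
# network settings. Functions read text on stdin; on a live Mac, audit_live feeds
# them `scutil --dns` (lists resolvers the Tiger Network pane hides) and `sudo crontab -l`.

# Assumption: the resolvers you actually configured (router / ISP / chosen provider).
EXPECTED_NS="192.168.1.1 1.1.1.1"

# Constructed sample inputs for an offline run (TEST-NET address, not a real indicator).
SAMPLE_DNS='nameserver[0] : 192.168.1.1
nameserver[1] : 203.0.113.7'
SAMPLE_CRON='# m h dom mon dow command
0 3 * * * /usr/bin/find /tmp -mtime +7 -delete
* * * * * /usr/sbin/networksetup -setdnsservers Ethernet 203.0.113.7'

# Print each IPv4 nameserver on stdin that is not in the space-separated allow list $1.
# Accepts `scutil --dns` lines ("nameserver[0] : 10.0.0.1") and resolv.conf lines.
unexpected_nameservers() {
  awk -v allow="$1" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    /nameserver/ {
      for (i = 1; i <= NF; i++)
        if ($i ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && !($i in ok) && !seen[$i]++)
          print $i
    }'
}

# Print non-comment crontab lines that call DNS/network configuration tools or touch
# resolver files: the "constantly reapply" behaviour described above.
suspicious_cron_lines() {
  awk '!/^[[:space:]]*#/ && /scutil|networksetup|resolv\.conf|etc\/hosts/'
}

# Total findings over resolver text ($1) and crontab text ($2); 0 means nothing found.
dns_hijack_findings() {
  {
    printf '%s\n' "$1" | unexpected_nameservers "$EXPECTED_NS"
    printf '%s\n' "$2" | suspicious_cron_lines
  } | awk 'NF { n++ } END { print n + 0 }'
}

# Live use on a Mac (not invoked here): call audit_live as an administrator.
audit_live() {
  dns_hijack_findings "$(scutil --dns 2>/dev/null)" "$(sudo crontab -l 2>/dev/null)"
}
echo "findings in constructed sample: $(dns_hijack_findings "$SAMPLE_DNS" "$SAMPLE_CRON")"
```

Any non-zero count is a prompt to compare the listed resolvers with what the Network pane shows and to inspect the flagged cron entry before deciding it is legitimate.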

Since the Domain Name System (DNS) is what directs your browser to the appropriate network address when you type in a domain name such as 'www.softpedia.com', the rogue server that the Trojan points the computer to could redirect the user to any site whatsoever. Common uses include spyware/malware sites, which would have no effect on Macs; pay-per-click search engines, which could be very frustrating but no more; other pornography sites, which could be very unpleasant depending on the circumstances; and, last but not least, fake versions of popular sites such as PayPal, eBay or banks, which would look identical to the real ones but send any and all information you enter into them to a third party.

Like all Trojans, this one relies on the user's cooperation in order to do anything, so there is no hard-and-fast way to prevent infection. Of course, one could avoid downloading dubious software from unknown people on seedy sites at the back end of the Internet. If that can't be avoided, one should at least be wary of programs that ask for your administrator password, especially when they come from unknown sources.