"Apparently, Mac forums have been massively spammed to drive lusty Mac users to porn sites that say that they require a Quicktime codec to be viewed. In the spirit of Halloween, the OSX.RSPlug.A trojan dresses up like said Quicktime codec, requiring an administrator password to install.
"The appearance of this trojan may mean that Apple has crossed some sort of threshold for malware writers.
One important thing to keep in mind is that this trojan does not exploit any Mac OS X weakness, relying instead on social engineering to deliver the payload. The user is asked for the administrator password, the disk image is mounted, and the malware installed. Such attacks mean that Mac users will no longer be able to blindly enter their passwords and trust in the benevolent intentions of the package creators, as many are accustomed to doing."
If the administrative password is not given, the trojan horse cannot install itself and all should be well. So one way to protect your computer is to avoid entering an administrative user ID and password unless you are expecting to do so, say, at login time. If a dialog pops up unexpectedly asking for an admin ID and password, just cancel the dialog.
Wayne