Many sources are reporting that a "trojan horse" targeting OS X has been released. A computer "trojan horse" is a program that tries to get the user to install it on the user's own machine, much as the wooden horse was a "present" to the residents of Troy: an incentive to induce the inhabitants of the city to open the city doors themselves and pull in the horse containing enemy soldiers.

This "social engineering" (as it has been termed) is a technique that attempts to exploit the average computer user's lack of computer knowledge to help the break-in take place.

Ars Technica describes it this way:
http://arstechnica.com/news.ars/post/20071101-rsplug-a-mac-os-x-trojan-a-new-threat-but-the-sky-is-not-falling.html

"Apparently, Mac forums have been massively spammed to drive lusty Mac users to porn sites that say that they require a Quicktime codec to be viewed. In the spirit of Halloween, the OSX.RSPlug.A trojan dresses up like said Quicktime codec, requiring an administrator password to install.

"Savvy users should notice that something is wrong, as most sites targeted by phishers use SSL, which ties a cryptographic certificate to a DNS name. Just redirecting the DNS name isn't enough to phish successfully; some additional browser tricks are required to show the actual URL of the target site with the little lock in the browser.

"The appearance of this trojan may mean that Apple has crossed some sort of threshold for malware writers.

"One important thing to keep in mind is that this trojan does not exploit any Mac OS X weakness, relying instead on social engineering to deliver the payload. The user is asked for the administrator password, the disk image is mounted, and the malware installed. Such attacks mean that Mac users will no longer be able to blindly enter their passwords and trust in the benevolent intentions of the package creators, as many are accustomed to doing."

If the administrative password is not given, the trojan horse cannot install itself and all should be well. So one way to protect your computer is to avoid entering an administrative user ID and password unless you are expecting to do so, say, at login time. If a dialog pops up unexpectedly asking for an admin ID and password, just cancel the dialog.

Wayne