Infected systems are being used both to hijack web requests that lead users to other phishing sites, and help display pornographic adverts, generating higher advertising revenue.
New trojan affects all Mac OS X versions
The trojan, dubbed OSX.RSPlug.A, is rated as a critical risk by Intego, and will have a lasting effect on those running both Mac OS X 10.4 Tiger, as well as Mac OS X 10.5 Leopard. Intego has indicated that it believes previous versions of Mac OS X are vulnerable as well.
According to Intego, the trojan attempts to install a video codec that will allow viewers to watch free pornographic videos on Macs. But when the user clicks on the still images to view the content, they are directed to a different web page and told they must download a new version of the codec to play the movie file on QuickTime.
To make matters worse, Intego found that Safari users who have checked the 'Open Safe Files After Downloading' option will find that the downloaded disk image will automatically mount, and the installer application will automatically launch.
If the user allows the installation to commence by inputting the administrator password, the system gains root privileges and is free to exploit the system.
There is currently no solution for fixing the exploit and no word on how many people have been affected.