New Mac Porn Trojan May Spell End of Ironclad OS Era
CYBERSPACE — It’s time once again for much-beleaguered PC-lovers to snicker behind their hands and for normally smug Apple lovers to scowl and duck their heads in annoyance. A new piece of malware, custom designed for Apple’s OS X operating system, is busily fucking with machines that visit porn sites offering free content advertised on a number of Mac community message boards. According to security software firm Intego on Wednesday, OSX.RSPlug.A is a Trojan horse that makes the jump from site to hard drive after visitors are misled into believing that their copy of QuickTime cannot play the available content. While they download and install what they think is a new codec, the Trojan waits for the victim to open the disk image (.dmg) and installer .pkg files and type their admin password. Then, instead of the new QuickTime codec, the exploit installs its bad self.
What happens next is pure phishing, with the infected user’s domain name system settings being changed and redirected to sites specifically created to steal personal information or hosting adult material.
Those infected and running Mac OS X 10.4, aka “Tiger,” are unable to see that their DNS information has been altered. Those with the newer OS X 10.5, aka “Leopard,” are not so limited, however, and can view the now-dimmed data by using their advanced network preferences.
Although rival security company Symantec cautions that Intego is prone to “overhype things,” Intego opines that the malware can likely also attack systems running older versions of Apple’s operating system, since those OS X versions contain what Intego refers to as the “scutil command,” which permits DNS alterations.
Intego assures users that its software can remove the Trojan, and cautions that the Trojan checks infected systems every minute to make sure they stay that way.
In spite of Symantec’s assurances, some believe that the existence of OSX.RSPlug.A is a sign of things to come. ZDNet.co.uk’s Mac expert is only one among many who have been shocked by the discovery, which could have implications for a wide range of Apple products, including iPhones and the Touch, which each run OS X.
Sunbelt Software, McAfee, and the SANS Institute’s Internet Storm Center have all confirmed Intego’s report of the malware, with each posting observations about the situation on their websites.
Given that the attack is aimed exclusively at Macs, an increasing number of experts are foretelling that more of the same are likely on their way, thanks in large part to the recent surge in Apple’s popularity.
Part of what makes this latest assault on internet security important is the code’s use of cron tabs, which tell the operating system to run commands on a schedule. Although primitive, it is an initial step toward what is expected to be more sophisticated exploits of security holes – and human impulse control problems.
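The two traits the article attributes to this Trojan, DNS settings rewritten through scutil and a cron job that re-applies them, are exactly what a Mac administrator would want to check for. The shell script below is an added example, not code from Intego or the article: it parses `scutil --dns`-style output against an allowlist of expected resolvers and flags crontab lines that invoke scutil. The allowlist, the helper function names and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Defender-side checks for the DNS-hijack and cron-persistence traits described above.
# Assumption: EXPECTED_DNS lists the resolvers your network should hand out.
EXPECTED_DNS="192.0.2.1 192.0.2.2"

# Return 0 when every "nameserver[n] : a.b.c.d" line in scutil-style text is on the
# allowlist; otherwise print each unexpected resolver and return 1.
check_dns_servers() {
    input="$1"
    bad=0
    for ip in $(printf '%s\n' "$input" | sed -n 's/^ *nameserver\[[0-9]*\] *: *//p' | sort -u); do
        case " $EXPECTED_DNS " in
            *" $ip "*) ;;                              # known-good resolver
            *) echo "unexpected resolver: $ip"; bad=1 ;;
        esac
    done
    return $bad
}

# Return 0 when no active (non-comment) crontab line invokes scutil, otherwise
# print the offending lines and return 1. Feed it the output of `crontab -l`.
check_cron_for_scutil() {
    input="$1"
    if printf '%s\n' "$input" | grep -v '^ *#' | grep -q 'scutil'; then
        echo "crontab entry invoking scutil found:"
        printf '%s\n' "$input" | grep -v '^ *#' | grep 'scutil'
        return 1
    fi
    return 0
}

# Constructed sample resembling `scutil --dns` output with one rogue resolver.
SAMPLE_DNS='DNS configuration

resolver #1
  nameserver[0] : 192.0.2.1
  nameserver[1] : 198.51.100.77
'
# Constructed sample crontab: a minutely job feeding a settings file to scutil.
SAMPLE_CRON='# m h dom mon dow command
* * * * * /usr/sbin/scutil < /Users/Shared/constructed-example.settings'

# Run both checks against the samples when executed directly.
check_dns_servers "$SAMPLE_DNS" || echo "DNS check: FAIL"
check_cron_for_scutil "$SAMPLE_CRON" || echo "cron check: FAIL"
```

On a real Mac, replace the samples with `"$(scutil --dns)"` and `"$(crontab -l 2>/dev/null)"` and run the script from an admin account.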
“The bad guys are taking Mac seriously now,” Bojan Zdrnja of Internet Storm Center observes on the organization’s website, pointing out that DNSChanger exploits are not unfamiliar to Windows users.