One of the “selling points” of OS X is that it is immune from trojans, viruses and the like. Well, apparently not. Leopard hasn’t even been out a week yet and there is already a Trojan making it’s rounds on Mac OS X.

According to the Intego security alert:

A malicious Trojan Horse has been found on several pornography web sites, claiming to install a video codec necessary to view free pornographic videos on Macs. A great deal of spam has been posted to many Mac forums, in an attempt to lead users to these sites. When the users arrive on one of the web sites, they see still photos from reputed porn videos, and if they click on the stills, thinking they can view the videos, they arrive on a web page that says the following:

Quicktime Player is unable to play movie file.
Please click here to download new version of codec.

After the page loads, a disk image (.dmg) file automatically downloads to the user’s Mac. If the user has checked Open “Safe” Files After Downloading in Safari’s General preferences (or similar settings in other browsers), the disk image will mount, and the installer package it contains will launch Installer. If not, and the user wishes to install this codec, they double-click the disk image to mount it, then double-click the package file, named install.pkg.

According to the report, it will then re-write the DNS server built into the OS and re-route user requests to phishing sites.

Mac users, perhaps you should read my article on how to hand your PC to hackers in 9 easy steps. The problem might not be as large in OS X as it is in Windows, but the threats are still there. And you open yourself up to it much more by surfing porn sites.

MacWorld has manual instructions on removing this threat and detecting if you actually have the Trojan. This only applies to Leopard, not Tiger.