Apple's latest OS, Mac OS X Leopard, is apparently the target of a malicious Trojan horse that is being spread through several pornography web sites. The Trojan claims to install a video codec necessary to view free pornographic videos on Macs; users who accept it install the malware program instead.
The actual Trojan horse is apparently a form of DNSChanger, according to security web site Intego. It hijacks some DNS requests in order to point the user to phishing web sites (instead of sites like eBay, PayPal and some banks) or porn pages. Mac OS X 10.4 Tiger is also affected, according to Intego.
In fact, if you're running Tiger, chances are you will never realize how you were infected, but Leopard's Advanced Network preferences will at least let you recognize that the DNS servers have been changed. However, the malware program prevents the DNS servers from being changed.
The Trojan horse has been dubbed OSX.RSPlug.A and claims to be a QuickTime codec. The install process requires you to enter the administrator password. In the console, the script can be found at the following location: /Library/Internet Plug-Ins/plugins.settings
McAfee has codenamed the Trojan horse "OSX/Puper" and says it poses a "Low" risk, mainly because it doesn't spread by itself. You actually have to go to an infected porn site and accept the whole install process. Apparently, the Trojan does not duplicate itself further than that.
The Trojan changes the DNS servers to:
s1=85.255.116.71
s2=85.255.112.63
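A way to check a Mac for the two indicators above, added here as an example and not taken from Intego, McAfee or the original article. It assumes resolver settings can be read with `scutil --dns` or from /etc/resolv.conf; the function names, the `--scan` flag and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: check a Mac for the two indicators named in the article.
# Run on the host with: sh check_rsplug.sh --scan   (file name is hypothetical)

# Indicators copied from the article.
RSPLUG_DNS='85.255.116.71
85.255.112.63'
RSPLUG_FILE='/Library/Internet Plug-Ins/plugins.settings'

# Constructed sample of `scutil --dns` output, for testing the parser offline.
SAMPLE_DNS='resolver #1
  nameserver[0] : 85.255.116.71
  nameserver[1] : 85.255.112.63
resolver #2
  domain : local
  nameserver[0] : 192.0.2.53'

# Read resolver config on stdin and print one address per line. Accepts
# `scutil --dns` lines ("nameserver[0] : addr") and resolv.conf lines
# ("nameserver addr").
extract_resolvers() {
    sed -n \
        -e 's/^[[:space:]]*nameserver\[[0-9]*\][[:space:]]*:[[:space:]]*\([^[:space:]]*\).*$/\1/p' \
        -e 's/^[[:space:]]*nameserver[[:space:]][[:space:]]*\([^[:space:]]*\).*$/\1/p' |
        sort -u
}

# Print the configured resolvers that exactly match an address from the article.
find_rsplug_dns() {
    extract_resolvers | grep -Fx "$RSPLUG_DNS" || true
}

# True if the script file from the article exists under root directory $1
# (empty for the live system; a scratch directory when testing).
rsplug_file_present() {
    [ -e "$1$RSPLUG_FILE" ]
}

# Check the live system; returns 1 if either indicator is present.
scan_host() {
    found=0
    hits=$( { scutil --dns 2>/dev/null || true; cat /etc/resolv.conf 2>/dev/null || true; } | find_rsplug_dns )
    if [ -n "$hits" ]; then echo "DNS server listed in the article is configured:"; echo "$hits"; found=1; fi
    if rsplug_file_present ""; then echo "Found $RSPLUG_FILE"; found=1; fi
    return "$found"
}

if [ "${1:-}" = "--scan" ]; then scan_host; fi
```

The match is exact per address, so a resolver that merely shares a prefix with one of the listed servers is not reported.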
This is one of the first professional attempts at attacking Mac OS X machines for profit. It may very well mean that buying a Mac will not keep you safe, as was the case until now.
© 2007 - 2008 - eFluxMedia