Intego has discovered the first 10.5 Trojan Horse in the wild. The "OSX.RSPlug.A Trojan Horse" is a malicious application that users inadvertently install on their machines while browsing pornography sites. The user will click on a still of video and the following message appears:

Quicktime Player is unable to play movie file.
Please click here to download new version of codec.

The .dmg file pretends to install the missing codec and asks for the users password giving the DNSChanger root access. Once active, it will hijack web requests leading the user to phising sites.

Intego states: Under Mac OS X 10.4, there is no way to see the changed DNS server in the operating system’s GUI. Under Mac OS X 10.5, this can be seen in the Advanced Network preferences; the added DNS servers are dimmed, and cannot be removed manually.

Remember folks, be careful out there.