the discovery of an actual malicious trojan for the Mac

the OSX.RSPlug.A trojan dresses up like said Quicktime codec, requiring an administrator password to install.

the "codec" installer sets up a couple of fake DNS servers and a cron job that runs every minute to reinstall the DNS servers in case they have been removed.

the malicious DNS servers are asked to translate domain names into IP addresses, allowing the person in charge of these servers to redirect selected destinations.

used for phishing purposes "for sites such as eBay, PayPal and some banks"

users who think they're secure just because they're using a Mac

"the bad guys are taking Mac now seriously."

Mac OS X will soon become a significant target for malware writers for the first time.

The appearance of this trojan may mean that Apple has crossed some sort of threshold for malware writers.

this trojan does not exploit any Mac OS X weakness