The application, downloaded from the website with a Chinese telephone number, offers a .exe file, but tries to deliver a .dmg file when accessed from a Mac. The file contains the virus RSPlug.F, which tries to alter the DNS settings on the victim's Mac, thus enabling the attacker to direct the machine to different domains when the user is online.
RSPlug first surfaced in late 2007, and has since been through six iterations. The most recent ones have deliberately taunted specialist Mac antivirus company Intego. The malware has been delivered via drive-by browser exploits, and also as a fake video codec, commonly served on porn sites.
The new malware variant and delivery vector indicate a slow but steady increase in interest in the Mac platform on the part of malware writers. Speaking at the CanSecWest conference last week, OS X security researcher Dino Dai Zovi criticised the vulnerability of the Mac platform to attacks, arguing that the relatively low number of attacks on OS X was due to the low market share of the platform.
"OS X is currently a relatively safe operating system to run for most people because you're probably not going to get hit by some random website, but it's not very secure," said Zovi. "Hacking Vista is hard work. Hacking Macs is fun." He added that he hoped the next version of the Mac operating system, codenamed Snow Leopard, would tie up some of the more glaring security holes that he had identified in the system.
Anti-malware products from both Sophos and Intego detect the RSPlug Trojan.