Here's an interesting one. The OSX.RSPlug.A trojan horse was sent out at the end of October 2007. It has mainly been found on pornography sites and is a deceptive little bugger.
Here's how it works. You're out there surfing your favorite porn site and click on a movie thumbnail to watch something. The user is prompted to download and install a new QuickTime codec to watch the movie. That's strike one. Never trust a porn site to install software on your computer.
QuickTime updates are available through the Software Update application that's already running on your Mac, and on Windows if the iTunes/QuickTime package has been installed. This particular trojan horse only seems to affect OS X.
Moving on. A .dmg file is downloaded and the user has to double-click the file to decompress and launch the file. The user is then prompted to enter their administrative name and password to install. Strike two.
When you're prompted on an installer to enter the admin name and password, the installer will more than likely modify the system in some manner. In the case of OSX.RSPlug.A, it modifies the user's DNS settings and redirects them to more porn sites and phishing sites. Additionally, if the user tries to modify the DNS settings, a crontab entry added by this trojan horse will automatically reset the DNS back to the porn and phishing sites.
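The two symptoms described above (resolvers you didn't configure, and a cron job that keeps putting them back) are easy to check for from a Terminal. The script below is an added example, not part of the original post: on a real Mac the inputs would come from `networksetup -getdnsservers Wi-Fi` and `crontab -l`, but here both are constructed samples so the check runs offline, and the expected resolver list is an assumption you'd replace with your own.

```shell
#!/bin/sh
# Added example: spot DNS tampering and cron-based re-tampering on a Mac.

# Assumption: the resolvers you actually expect (home router plus a public one).
EXPECTED_DNS="192.168.1.1 8.8.8.8"

# CONSTRUCTED sample of `networksetup -getdnsservers Wi-Fi` after tampering.
SAMPLE_DNS="198.51.100.23
203.0.113.77"

# CONSTRUCTED sample of `crontab -l`: one normal job, one that rewrites DNS.
SAMPLE_CRON='30 3 * * * /Users/erik/bin/backup.sh
* * * * * /usr/sbin/networksetup -setdnsservers Wi-Fi 198.51.100.23 203.0.113.77'

# Print every configured resolver that is not in EXPECTED_DNS.
unexpected_resolvers() {
    printf '%s\n' "$1" | while IFS= read -r ip; do
        [ -n "$ip" ] || continue
        case " $EXPECTED_DNS " in
            *" $ip "*) ;;                    # known good, stay quiet
            *) printf '%s\n' "$ip" ;;        # not on the allow list
        esac
    done
}

# Print crontab lines that touch DNS configuration in any of the usual ways.
dns_touching_cron_lines() {
    printf '%s\n' "$1" | grep -E 'scutil|networksetup|setdnsservers|resolv\.conf' || true
}

# Exit status 1 when either symptom is present, 0 when the machine looks clean.
scan() {
    bad_dns=$(unexpected_resolvers "$1")
    bad_cron=$(dns_touching_cron_lines "$2")
    status=0
    if [ -n "$bad_dns" ]; then
        printf 'Unexpected DNS resolvers:\n%s\n' "$bad_dns"; status=1
    fi
    if [ -n "$bad_cron" ]; then
        printf 'Cron entries that rewrite DNS:\n%s\n' "$bad_cron"; status=1
    fi
    return $status
}

scan "$SAMPLE_DNS" "$SAMPLE_CRON" || echo "-> fix the cron entry first, or the DNS change will not stick"
```

On a live machine, swap the two samples for `"$(networksetup -getdnsservers Wi-Fi)"` and `"$(crontab -l 2>/dev/null)"`; a clean system prints nothing and exits 0.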
So what to do? Well, for starters, maybe stay away from porn. If that's too much of a stretch, then there are other things to do.
In Safari preferences, uncheck "Open safe files after downloading". This checkbox is located in Safari's General Preference settings. This prevents installers or compressed files from automatically launching.
Another, more logical step is to set up all users as Standard Users and not use the Administrative account as an everyday account. This prevents anyone who isn't an Admin from installing anything that modifies System files. It's good practice.
Bottom line, use your common sense. Only trust installers from sites that you specifically visit to get something such as a software vendor. Did I mention to not surf porn?
Stay sharp out there!
Erik