There is not an actual
spreadable trojan for OS X
in the wild.
To infect yourself, a user would have to follow these steps on OS X.
First you have to download the worm manually, from a porn site
Second, you have to double-click the DMG installer
Third, you have to agree to install
Forth, you have to give it your root password
Fifth, you have to agree again (via OS X)
Sixth, OSX warns you and you have to say "yes" to replace important OS X files
Hmm.. Sounds a lot like the
UAC in
Vista/Windows 7.. Where ever did Microsoft get the idea for UAC?
Any user who gets infected at that point, deserves it
That is a lot of work to become infected. Thus is why there is no "spread".
People like to make the point that "Mac has too small of market". Well, this has been said for 10 years now. Now, OS X is anywhere between 4% to 7% (depending on who your source is) WORLDWIDE. That's
millions of computers to "attack".
Last year a group offered $10,000 to anybody to make a Trojan for OS X that could be
spread - this was sanctioned by large AV companies for a true test. Nobody has stepped up to date to claim the $10K.
The main reason this has not been done, is because unless Mac users suddenly decide that they want to install a program from a porn site, enter there root password, click yes on a prompt that says it's changing important OS X files, it's not really going to spread too far.
BTW i am not saying Mac is the end all perfect OS and is infallible. Just wanted to open your eyes to some of the stuff that is going on behind the scenes. I am overjoyed that MS has decided to implement non-admin user accounts and yes/no prompts for making mods to the computer. I have yet to run into PC's running Windows 7 or Vista infested with numerous viruses, 1000's of separate pieces of malware, AKA common problems I have seen time and again on XP, 2000, 2003, etc.
But to jump all over Apple like this is kind of lame considering the situation.
Take a look at some of the security updates XP does, anything with the word Critical in it, usually means remote code execution or some code that allows an attacker to control your computer. Thing is, you don't even have to go to a questionable porn website, Microsoft packed IE, Windows Explorer, Excel, Word, etc with these flaws, built into the software when you install it!