Important Mac Security Advisory
A nasty little script has appeared on someone’s machine. I suggest reading the entire page about it, though some sections are a little more technical than others.
This script does not exploit a known security hole in OS X. Rather, it does things that are all possible as an administrator and should be taken more as a warning about being careful about what you download and install. Not downloading software from services like LimeWire would be a good start. This is essentially a Trojan horse attack (like the Microsoft Office Installer Trojan). However, it’s more insidious in that its effects are not immediately visible, opting instead to facilitate things like allowing remote control and indentity theft.
I suspect that most likely, the original victim was downloading warez and just didn’t want to own up to getting caught with his hand in the cookie jar. Until the source is discovered, heed a warning that has always been true: be careful with what you install.