If you're running Mac OS X 10.4 or 10.5, there's a nasty Trojan horse out in wild that antivirus firm SecureMac has spotted being distributed from a hacker website. Taking advantage of a vulnerability of the Apple Remote Desktop agent, the Trojan does every sort of bad thing to your computer.
According to SecureMac, the Trojan runs hidden on a Mac and allows a malicious user complete remote access. The Trojan can transmit system and user passwords, and avoid detection by opening ports in the firewall and turning off system logging. The AppleScript version, SecureMac reported, can also log keystrokes, take pictures with the built-in Apple iSight camera, take screenshots, and turn on file sharing.
The Trojan requires the user to give it premission to install, but the bad guys have a big bag of tricks to get people to do that. The hacker website featured a discussion on how to distribute the virus to unwitting users through iChat and Limewire. Since Limewire is a P2P client, people pretty much use it with the express intent of downloading things, so the threat is very real. The exploit is considered a critical one, but still not very common. Be careful out there, people!