Cybercriminals want to profit. Creating malicious code requires time (or money, if they pay a third party to do it for them, as is the case with Banker trojans here in Brazil; you could also argue that time is money). A certain malicious code must make enough money for the criminals for it be worth the time or money spent on it.
So, a professional malware group is behind RSPlug, the latest Mac OS X trojan. The guys who created this trojan are supposedly the same ones behind Zlob, an infamous trojan responsible for the installation of infections such as “Smitfraud” (and its dozens of variants) — an infection that makes the user pay for its own removal. They’ve been doing this for years now. It must be profitable. Creating another trojan that does that is, economically speaking, risk-free.
But is RSPlug profitable? A trojan which redirects DNS requests aimed at only Mac users. Sure, these DNS servers are probably the same ones a malware for the Windows platform also uses. No need to set up additional servers. Still, they had to create the trojan, set up additional scripts in the website to detect OS X users, create the GUI, and spam the Mac forums. Was it worth it for the criminals?
They made a risky investment.
Granted, the investment was very small, since the trojan is relatively simple. But I do believe that this is like a test. Apple has been selling a lot of machines, and the Mac community is pretty focused. The criminals know where they can find Mac users to target their attacks. If it works, they’ll do it again. If it doesn’t, they’ll wait a few months, maybe a year, and try it again then.
If OS X gets enough market share, it might become a profitable operation. In which case the trojans will come around to stay. I doubt we’ve reached that point, but we will know soon enough - if more reports of OS X trojans created by professional virus writers keep coming, it’s a signal that we did.