The issue in question is a trojan (affecting both Leopard and Tiger) that can tag along normal Mac OS X applications. Once installed, it sets up a keystroke logger named 'logkext'. It then moves on to set up a VNC server listing the infected computer, giving the hacker remote access to the machine. In addition, it also installs a web-based 'PHP shell' program, giving the hacker control over your machine through a mere web browser. To prevent losing track of the infected machine because of changing IP addresses, the trojan also sets up the machine so that it can be tracked using a dynamic DNS services. The trojan makes use of either last week's unpatched ARDAgent vulnerability, or an old, already patched privilege escalation vulnerability.