OSX/RSPlug is an OS X trojan variant of OSX/DNSChanger first discovered in 2007. It was disguised as video codecs and offered primarily on adult web sites. Once installed, the malware manipulated DNS settings on the victim computer to redirect web requests to phishing websites and ads for other adult sites [1]. OSX/RSPlugA was one of the first two signatures introduced into XProtect, when silently released as a part of Mac OS X 10.6.0 Snow Leopard [2].

References:

1. https://en.wikipedia.org/wiki/RSPlug
2. http://www.macworld.com/article/1142457/snowleopard_malware.html