There is a note on Macintouch today about somebody being hit by the opener rootkit on OS X. The rootkit is available for download from a .mac account as osxrk. This kit has been in the 'wild' for over a month now. The opener file says it will move itself to
/System/Library/StartupItems. The script is aware of LittleSnitch and kills it before making network connections to download tools for wiping out logs and gathering of passwords.
From the readme "rootkit that has a lot of standard tools included, adds a TCP backdoor via inetd, does data recon, and more."