RSPlug dropped on the scene in October of 2007. It was first detected by researchers at Intego. RSPlug’s various incarnations, all forms of the DNSChanger malware, were found disguised as video codecs on sites containing pornographic content. Once on a victim’s Mac, RSPlug changed that machine’s DNS settings so that, while browsing the web, users would redirect to phishing sites or sites containing advertisements for other pornographic sites. DNSChanger featured prominently as the target of the FBI’s 2011 takedown of the malware network, dubbed Operation Ghost Click.