April 13, 2004

A new Mac OS X Trojan Horse exploits a vulnerability that lets applications masquerade as other file types to effectively hide "in" MP3 files. Especially interesting is that the resulting files are still playable in iTunes, so it could spread itself to other MP3 files and go mostly unnoticed. (It isn't clear from the information available whether Trojaned MP3 files are playable in other MP3 players; it doesn't sound like it.) MacFixIt has more details.

Update: Thanks to bda for pointing out that this story has since been recanted. Wired even replaced the article at the link above with an article criticizing the burgeoning anti-virus software company for overhyping a non-issue. The proof-of-concept they authored requires that the MP3 file be compressed for Mac OS 9 (not OS X), using misleading resource fork data to make the application look like an ordinary file. OS X is hardly affected, and this "Trojan" is not in use in the wild.

comments...

This is overhyped.

The trojan relies on resource fork data telling Finder that it's not an MP3, but an Application. So only when it's executed (opened) via Finder will the code hiding in the ID3 tag be run.

The threat level here is low; it was written purely as a proof of concept. You can't get infected by downloading mp3s by themselves; you'd have to get an archive containing the file's resource data as well.

Also, this is an OS 9 application -- it's written in Carbon -- so calling it an OS X trojan is misleading. It affects anything that relies on resource fork data for file associations.

Overall, nothing to worry about. Intego just wanted to get some hype for their product, which no one had ever heard of.
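The comment above describes the two ingredients of the proof of concept: resource fork data that makes Finder treat the file as an application, and payload bytes parked inside the ID3 tag rather than in the audio stream. The script below is an added example written for this post, not code from the original page, Intego, or Apple. It audits a file the way a defender would: it parses the ID3v2 header, checks that MPEG audio data actually begins where the tag ends, flags a tag that is far larger than metadata needs to be, and (on macOS only) reports whether the file carries a non-empty resource fork via the `..namedfork/rsrc` path. The 1 MiB tag-size threshold and the sample byte strings are constructed for illustration and are assumptions, not values from the page.

```python
import os

# Constructed sample buffers (not real files): a minimal ID3v2.4 tag followed by
# an MPEG audio frame sync, and a second buffer whose tag is followed by
# non-audio bytes instead of a frame.
MAX_TAG_BYTES = 1 << 20  # assumed threshold: metadata larger than 1 MiB is worth a look


def syncsafe_to_int(b):
    """Decode the 4-byte 'syncsafe' integer ID3v2 uses for tag sizes (7 bits per byte)."""
    return ((b[0] & 0x7F) << 21) | ((b[1] & 0x7F) << 14) | ((b[2] & 0x7F) << 7) | (b[3] & 0x7F)


def int_to_syncsafe(n):
    """Encode an integer as a 4-byte syncsafe value (used here to build samples)."""
    return bytes([(n >> 21) & 0x7F, (n >> 14) & 0x7F, (n >> 7) & 0x7F, n & 0x7F])


def parse_id3v2_header(data):
    """Return ((major, revision), flags, tag_size) for a valid ID3v2 header, else None."""
    if len(data) < 10 or data[:3] != b"ID3":
        return None
    major, revision, flags = data[3], data[4], data[5]
    # The spec forbids 0xFF version bytes and a set high bit in any size byte.
    if major == 0xFF or revision == 0xFF or any(x & 0x80 for x in data[6:10]):
        return None
    return (major, revision), flags, syncsafe_to_int(data[6:10])


def is_mpeg_frame_sync(b):
    """True if the two bytes carry an MPEG audio frame sync (11 leading set bits)."""
    return len(b) >= 2 and b[0] == 0xFF and (b[1] & 0xE0) == 0xE0


def audit_mp3_bytes(data, max_tag_bytes=MAX_TAG_BYTES):
    """Return a list of findings for an in-memory MP3; an empty list means nothing odd."""
    findings = []
    hdr = parse_id3v2_header(data)
    offset = 0
    if hdr is not None:
        _, flags, size = hdr
        offset = 10 + size
        if flags & 0x10:  # ID3v2.4 footer flag: another 10-byte footer after the tag body
            offset += 10
        if size > max_tag_bytes:
            findings.append(f"ID3v2 tag is {size} bytes; unusually large for metadata")
        if offset > len(data):
            findings.append("ID3v2 tag size exceeds file length")
    if not is_mpeg_frame_sync(data[offset:offset + 2]):
        findings.append("no MPEG frame sync where audio data should begin")
    return findings


def has_resource_fork(path):
    """On macOS a non-empty resource fork is readable as <path>/..namedfork/rsrc.
    Returns False on other platforms or when the fork is absent or empty."""
    try:
        return os.path.getsize(os.path.join(path, "..namedfork", "rsrc")) > 0
    except OSError:
        return False


def audit_mp3_file(path):
    """Audit a file on disk: content checks plus the resource fork check."""
    with open(path, "rb") as f:
        findings = audit_mp3_bytes(f.read())
    if has_resource_fork(path):
        findings.append("resource fork present; Finder may treat this file as an application")
    return findings


def build_sample(tag_body, trailer):
    """Build a constructed ID3v2.4 buffer: header + tag body + whatever follows the tag."""
    return b"ID3\x04\x00\x00" + int_to_syncsafe(len(tag_body)) + tag_body + trailer


CLEAN_SAMPLE = build_sample(b"\x00" * 64, b"\xff\xfb\x90\x00" + b"\x00" * 16)
SUSPICIOUS_SAMPLE = build_sample(b"\x00" * 64, b"#!/bin/sh\n")  # constructed: not audio after the tag
OVERSIZED_SAMPLE = b"ID3\x04\x00\x00" + int_to_syncsafe(2_000_000) + b"\x00" * 32

if __name__ == "__main__":
    for name, buf in [("clean", CLEAN_SAMPLE), ("suspicious", SUSPICIOUS_SAMPLE),
                      ("oversized", OVERSIZED_SAMPLE)]:
        print(name, audit_mp3_bytes(buf) or "ok")
```

Run `audit_mp3_file` over an incoming file to combine both checks; on Linux or Windows only the byte-level checks apply, since the resource fork is a macOS-specific fork of the file and is exactly what a plain HTTP download of an MP3 would not carry.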

Good info, thanks. The early articles had a distinct lack of information, and this "Intego" company nobody has ever heard of was certainly suspicious.

Wired has since replaced the article I linked with another article slamming Intego for this announcement. Cool.