Has anyone thought about how you would write malware for osx 10.4/5?

Assume you already have a browser exploit for a foothold...

How would you:

- run arbitrary code
- have a persistent installation
- load on boot
- escalate permission
- avoid detection & removal (notrace?)

I have just switched to mac and I realize I don't have a familiarity with how these different points would operate during a system compromise... for instance I would use hijackthis for a persistent installation, but wtf would you use on a mac?