Hacker News
by Xuzz 5192 days ago
The interesting part is that I still haven't seen one traditional "virus" — even this thing appears to still be just social engineering users to install it, by pretending to be Flash Player. I can't imagine it's that much more difficult to actually find an OS X vulnerability to propagate with, but I still haven't seen any.

Edit: It appears this uses a Java vulnerability, rather than the fake-Flash Player-installer that it was originally reported using (possibly an older variation of the same malware). So that's no longer accurate!

3 comments

And almost no Windows "malware" in the last decade has been a traditional "virus" either. Trojans, social engineering, all so much easier.
I disagree. Visiting a malicious website or opening an email that exploits a vulnerability in your OS or software is very common.
Citation? The last thing along those lines I'd heard of was the PNG(?) exploit.
Well, for one, the Java vulnerability discussed in the linked article is actively being exploited on Windows to install that obnoxious fake "Antivirus 2012" malware.
And those are not viruses unless they self-replicate.
I would consider the series of Sasser and Bagle worms during 2004 to be a traditional virus.
Exploit kits are big these days!
> The interesting part is that I still haven't seen one traditional "virus"

Originally, when it was just us geeks using computers, 'virus', 'malware', 'trojan', etc. were different terms for different things.

Nowadays, 'virus' is used by the general public & media to refer to any sort of bad programme that should be removed.

Doesn't it use a Java exploit?

From the article:

> ...the most recent variant from earlier this week targeted an unpatched Java vulnerability within Mac OS X. That is, it was unpatched (at the time) by Apple—Oracle had released a fix for the vulnerability in February of this year, but Apple didn't send out a fix until earlier this week, after news began to spread about the latest Flashback variant.

> ...the malware installs itself after you visit a compromised or malicious webpage, so if you're on the Internet, you're potentially at risk.

Where is the social engineering part?

Well, it does have to get the user's permission to install it first...

From the F-Secure site: http://www.f-secure.com/v-descs/trojan-downloader_osx_flashb...

On execution, the malware will prompt the unsuspecting user for the administrator password. Whether or not the user inputs the administrator password, the malware will attempt to infect the system, though entering the password will affect how the infection is done.

If infection is successful, the malware will modify the contents of certain webpages displayed by web browsers; the specific webpages targeted and changes made are determined based on configuration information retrieved by the malware from a remote server.

Did you even read the page you linked or the text you pasted?

It specifically states that the malware will infect the machine even if the user does not give permission.

Well, I feel stupid. I just skimmed it after going through the detection steps. I missed the part where it installs itself to a different location if it doesn't get the user's password.