[cooldeal]

Doesn't it use a Java exploit?

From the article:

>..the most recent variant from earlier this week targeted an unpatched Java vulnerability within Mac OS X. That is, it was unpatched (at the time) by Apple—Oracle had released a fix for the vulnerability in February of this year, but Apple didn't send out a fix until earlier this week, after news began to spread about the latest Flashback variant.

>..the malware installs itself after you visit a compromised or malicious webpage, so if you're on the Internet, you're potentially at risk.

Where is the social engineering part?

[mbreese]

Well, it does have to get the user's permission to install it first...

From the F-Secure site: http://www.f-secure.com/v-descs/trojan-downloader_osx_flashb...

On execution, the malware will prompt the unsuspecting user for the administrator password. Whether or not the user inputs the administrator password, the malware will attempt to infect the system, though entering the password will affect how the infection is done.

If infection is successful, the malware will modify the contents of certain webpages displayed by web browsers; the specific webpages targeted and changes made are determined based on configuration information retrieved by the malware from a remote server.

[cooldeal]

Did you even read the page you linked or the text you pasted?

It specifically states that the malware will infect the machine even if the user does not give permission.

[mbreese]

Well, I feel stupid. I just skimmed it after going through the detection steps. I missed the part where it installs itself to a different location if it doesn't get the user's password.