Attention fellow Mac owners. Dont’ get powned by a Trojan that is going around. It is the first of its kind. It takes advantage of a security hole in Java for Mac (an essential part of the Mac OS, NOT written by Apple). Please do a System Update now.
But the biggie here is DO NOT enter your admin password if YOU did not initiate the reason for your computer to ASK you for the password. Unfortunately, this trojan is pretty smart and can install itself into other user accounts on the same computer.
As CNET blogger Topher Kessler explains, simply visiting a malicious Web site containing Flashback on an OS X system with an older version of Java installed will result in one of two installation routes. The malware will request an administrator password, and if one is supplied, it will install its package of code into the Applications folder. If a password is not offered, the malware will install to the user accounts where it can run in a more global manner.
Once installed, the Flashback will inject code into Web browsers and other applications like Skype to harvest passwords and other information from those program’s users.
Security company F-Secure has published instructions on how to determine whether a Mac is infected with Flashback.
http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml
