New (old) Mac Trojan in the Wild

Like conflicker this malware has exploited Java vulnerabilities and is now self loading.

"The latest variant, discovered by security researchers at F-Secure and dubbed OSX/Flashback.K, takes advantage of a weakness in Java SE6. That vulnerability, identified as CVE-2012-0507, allows the malware to install itself from a malicious website the user visits, without needing the user to enter an administrator's password."

BTW, PC world tries to insinuate that this is a Mac virus by placing the text Virus over an Apple icon.

http://www.pcworld.com/article/253388/new_trojan_variant_can_install_without_password.html#tk.hp_new

Moral of the story. Turn off Java, don't install programs from sites your not familiar with. Don't visit sites that are labeled malicious and my guess that is most likely porn sites but other sites can get you as well. A few years back I googled info on a pastors son that died in an auto accident. When I clicked it a PC program auto downloaded but couldn't launch. From that time on I have not used Java and never needed it on Safari. I don't think Firefox even offers it as an option anymore. It's like using a Barbecue to heat your home. Don't do it.

--
Gregory Eddinger
Those that believe they can, CAN, because they BELIEVE!