Flashback.K Trojan exploits unfixed Java vulnerability
updated 05:10 pm EDT, Mon April 2, 2012
Recent malware continues to evolve
Yet another new variant of the Flashback Trojan for the Mac has been discovered in the wild, says security firm F-Secure. Called Flashback.K, the new version is said to be dangerous not only because it can infect a Mac without an admin password, but because it relies on a Java vulnerability that has so far gone unfixed in OS X, even though Oracle itself has closed the hole. Apple distributes Mac Java updates on its own timetable.
Previous versions of Flashback have tried to exploit Java, but were easier to defeat because they relied on old vulnerabilities. The malware has in fact evolved multiple times, at one point gaining the ability to circumvent OS X's built-in malware protection.
F-Secure provides an online guide for manually removing the Trojan if necessary. The most recent edition of OS X, Lion, ships without Java by default, but still supports the platform and provides instructions for installing the plugin.



Moderator

Short version of the instructions from F-Secure: turn off Java in Safari preferences. Chances are you're not using it anyway, so it will have no or little effect.