As reported yesterday, over 600,000 Macs are infected by a Flashback Trojan botnet. The good news is, Apple has patched Java. You can visit Apple’s Support website and download the latest update.
Here is a little background on the Flashback Trojan botnet, per ZDNet:
Flashback was initially discovered in September 2011 masquerading as a fake Adobe Flash Player installer. A month later, a variant that disables Mac OS X antivirus signature updates was spotted in the wild.
In the past few months, Flashback has evolved to exploit Java vulnerabilities. This means it doesn’t require any user intervention if Java has not been patched on your Mac: all you have to do is visit a malicious website, and the malware will be automatically downloaded and installed.
Another variant spotted last month asks for administrative privileges, but it does not require them. If you give it permission, it will install itself into the Applications folder where it will silently hook itself into Firefox and Safari, and launch whenever you open one of the two browsers.
If you don’t give it permission, it will install itself to the user accounts folder, where it can run in a more global manner, launching itself whenever any application is launched, but where it can also be more easily detected.
As a precaution, you should probably update to the latest Java release from Apple’s website. Just choose the OS X version you are using. I have Lion or OS X 10.7.x. Download and run the package. The patch takes less than one minute to install. It’s a quick and easy fix.