From the article:
>..the most recent variant from earlier this week targeted an unpatched Java vulnerability within Mac OS X. That is, it was unpatched (at the time) by Apple—Oracle had released a fix for the vulnerability in February of this year, but Apple didn't send out a fix until earlier this week, after news began to spread about the latest Flashback variant.
>..the malware installs itself after you visit a compromised or malicious webpage, so if you're on the Internet, you're potentially at risk.
Where is the social engineering part?
From the F-Secure site: http://www.f-secure.com/v-descs/trojan-downloader_osx_flashb...
On execution, the malware will prompt the unsuspecting user for the administrator password. Whether or not the user inputs the administrator password, the malware will attempt to infect the system, though entering the password will affect how the infection is done.
If infection is successful, the malware will modify the contents of certain webpages displayed by web browsers; the specific webpages targeted and changes made are determined based on configuration information retrieved by the malware from a remote server.
It specifically states that the malware will infect the machine even if the user does not give permission.