Hacker News new | past | comments | ask | show | jobs | submit login

Well, it does have to get the user's permission to install it first...

From the F-Secure site: http://www.f-secure.com/v-descs/trojan-downloader_osx_flashb...

On execution, the malware will prompt the unsuspecting user for the administrator password. Whether or not the user inputs the administrator password, the malware will attempt to infect the system, though entering the password will affect how the infection is done.

If infection is successful, the malware will modify the contents of certain webpages displayed by web browsers; the specific webpages targeted and changes made are determined based on configuration information retrieved by the malware from a remote server.

Did you even read the page you linked or the text you pasted?

It specifically states that the malware will infect the machine even if the user does not give permission.

Well, I feel stupid. I just skimmed it after going through the detection steps. I missed the part where it installs itself to a different location if it doesn't get the user's password.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact