Mac Flashback Attack Began With Wordpress Blogs
With more on the Flashback malware plaguing many Macs, beaverdownunder writes with some explanation of how the infection grew so quickly: "Alexander Gostev, head of the global research and analysis team at Kaspersky, says that 'tens of thousands of sites powered by WordPress were compromised. How this happened is unclear. The main theories are that bloggers were using a vulnerable version of WordPress or they had installed the ToolsPack plug-in.'"
I have had non technical Mac users ask me about this, that means that they (or at least more of them than before) are open to advise about security and don't just smugly boast about Macs being invincible any longer. This makes everyone safer from my view.
BTW the advise I give Mac users who ask is as follows:
1: run apple menu->software update manually at least once a week, and download everything it suggests*
2: use a non admin account for daily activity and NEVER provide admin creds unless you know exactly what it is using them for, you should never need to do this while surfing the web.
3: Only get software from trusted sources, like the app store, SourceForge, or vendor web sites like Adobe or Autodesk.
4: Switch to a platform where java is controlled and updated by the first party, Oracle and not a third party, Apple to ensure you have the best security possible.
*Just as with windows or any other *NIX box, there is an exception to the all update thing, if you know that it will break your workflow or some component thereof, you can skip it while that is worked out.