The talkbacks on ZDNet are hilarious (emphasis mine):
It's NOT happening now. As a writer, Ed, you need to check your facts before you simply publish some PR company's "advertorial." Show me the infected Macs (that don't have Virus applications, Trojans or other malware on them that only runs on Windows). I'll bet that F-Secure can't show YOU 1,000let alone 600,000 Macs infected with this Trojan.
Apple released an update LAST FALL to handle this very exploit in the JVM. And everyone's Software Update alerted them that they needed to update and reboot their system. And the "exploit" requires that the user first type in his or her password in order to install the malware, which ought to have alerted the unwary.
So, a good six months after Apple releases a patch, F-Secure publishes documentation on an exploit that they most probably created to take advantage of a past vulnerability that has all ready been patched. Then they estimate that 600,000 (a nice, round number) Macs are "infected," because they managed to infect their one Mac with the Trojan.
F-Secure is presently trying to beta-test an anti-malware application to run on Macs. So their motivation is clear: 1: Scare OS X users into thinking they're vulnerable, 2: get more people for their beta test, 3: sell their app to them and 4: profit. But please note: F-Secure's beta test only runs on Leopard and Snow Leopard (that's 10.5.x and 10.6.x), and Apple released Lion (10.7) back on July 20, 2011. Obviously, F-Secure acknowledges that Lion is even LESS vulnerable than previous versions of OS X.
Apple will be further locking down applications that run on their operating system with Mountain Lion, making the Mac even more impervious to malware. Currently, the ONLY issue with malware on Macs is that they could, if they run Windows or are hooked up to a network with Windows computers sharing that network, be a repository for viruses to repeatedly attack the Windows OS.
Thus, if you are running Windows on your network or on your Mac, you need an anti-malware application for protection. Those who aren't needn't bother.
Sorry, folks. This is just not true. I challenge ZD to find 100 infected Macs (that are not owned by a malware-prevention company), let alone 600,000, and show that they are, indeed infected by this Trojan. The ONLY WAY a Mac running OS X can be infected with any malware app is for the user to type in his or her password to install the app. Period. And if you're surfing the web, you're not typing in passwords.
Macs DO and CAN have malware on them, but the target for the Malware is Windows, not OS X, so if you do not run Windows on your Mac, and if your Mac is not hooked up to a heterogenous network with both Macs and PCs running Windows, there is NO DANGER.
Why Ziff-Davis would continue to spread this outright falsehood is puzzling. Perhaps they're accepting tons of money from F-Secure, Mcaffee and Symantec to do this. I have now personally checked 40 Macs running several versions of OS X for this supposed Trojan. None have it. I have checked in with a large community of creative professionals. None have it. Apple is going to be releasing Mountain Lion soon, which will further lock down applications to prevent malware on the system and the companies that sell malware prevention see that this false rumor is the last chance they have to fool Mac users into thinking they need their applications. Additionally, as tablets and smartphones become the daily computer-of-choice for consumers, these companies see their market shrinking dramatically.
So find me actual infected Macintosh computers running current versions of OS X that number any significant fraction of the claimed infection first before you report this falsehood. I always used to think that fact-checking was part of journalism. By the way, I did try posting this on my iPad. Your website apparently doesn't allow that. Maybe it's because iPads are impervious to malware?
Shake my head.