First up is a pair of Java vulnerabilities. If those are already patched, then the trojan tries to find vulnerability in the user instead. It displays a digital signature supposedly belonging to Apple and asks for access to your computer. There are a few things fishy about this, but the average user is unlikely to pick up on them. Many people, especially if tired or distracted, could easily click “Continue” without realising.

If successfully installed, Flashback goes back to its old tricks of looking for usernames and passwords. It specifically targets banking websites, no doubt seeking information useful for identity theft.
Now, let’s talk about the good news. This version of Flashback purposely attempts to avoid systems that have an anti-virus installed, so the mere presence of security software is a boon. In addition, the method used by this trojan to intercept and report passwords will cause some software that requires network access, such as Skype, to crash. This can give you the heads-up.