The new variant has been found on pornographic Web sites and presents itself when a users tries to view a video. When attempting to view the video an error message comes up saying “Video ActiveX Object Error,” and then gives a link for a download.
If your browser settings allow the file automatically begin installation clicking cancel will not terminate the install. It will only take you back to the original installer application. The only way to make the alert go away is to download the infected disk image or quit the browser, according to Intego.
Intego said it has seen the trojan present itself as downloads for “FlashPlayer.v3.348.dmg and FlashPlayer.v..dmg.” The trojan contacts a remote server to download the files it installs, which means that in the future it could install other payloads than the one it currently installs.