Looks like the Mac virus/malware that has been infecting machines has 'improved' and gotten one step easier for an unassuming user to fall prey and to become infected (see this article). This new version can bypass the step where a user must give his/her administrator password to continue the infection process.
Here's the one easy thing you can do to assure that you will not infect your machine – you may??inadvertently or unintentionally??download the virus package but, if it is not installed, you can delete the downloaded file from your download folder. Here's how to protect yourself:
In Safari, head to the Preferences under the Safari menu item:
Now, under the General settings, make sure that the 'Open "safe" files…' option at the bottom of the window is NOT checked. Uncheck it if it is:
If you had this box checked in the past, when you downloaded a program, the computer would automatically open it and begin the installation process. Now, you just have to take the extra step of heading to the downloaded file and starting the installation process yourself.??
This is easy to do by double-clicking on the installer file in the Downloads window that opens up when you click a web site link to begin a download – no need to navigate to the Downloads folder, or your Desktop if that's where your downloaded files are saved.
It also looks like this option acts as a system-wide option for web browsers. If you are using Google Chrome, for example, this setting in Safari will be inherited by Chrome. So, even if you are not using Safari on a regular basis, make sure that you make this change in Safari to ensure that none of the other browsers you are using (like Firefox, Chrome, Opera, RockMelt, etc.) will automatically open downloaded files.