If you haven't heard by now, the malware exploits a flaw in the Java Virtual Machine, which Oracle pushed a fix for back in February, but Apple didn't patch until a botnet consisting of as many as 650, 000 Macs was identified on March 4th.
ENGADGET: Apple publishes support page for Flashback malware, is working on a fix