Mac Fan, had you RTFA you’d see the screenshots and what browsers it
affects. The attack is the same “download and install this codec” attack
that made news by hitting the Mac a few weeks ago.

Huh? “The attack”? The article is about many different kinds of malware. Didn’t you read it? There are multiple links showing up in Google to multiple sites to various different types of malware.

Quoted several times to you...once again:

Once shunted to a malware-hosting site, the user might face a fake codec installation dialog. If the user doesn’t bite, the page’s IFRAME will get him, said Thomas. ”This is what’s doing the most damage,” he said. ”It’s loaded with every piece of malware you can think of, including fake toolbars, rogue software and scareware.”

“I ran into one, and it hosed my VM [virtual machine],” said Eckelberry. “Completely hosed it.”

The OS X malware that required the user to click on a link to download it, then mount the .DMG, then manually run it, then type their password in didn’t “hose” a Mac. It changed the DNS settings.

The IFRAME exploit on Windows only requires a user to click on a link to install the payload. It can hose your machine.