Of course it's a scam. (The malware authors badly overplayed those malware counts, too, but I digress.)
Where's the pop-up arising? Specific web sites, or all over the web? (More than a few web sites have been breached lately, but then there are a number of sites serving up malware.)
You'll want to look at loading a Flash-blocking tool into your browser, disabling popups in whatever browser you're using, and you'll likely want to disable Java in the browser, too.
As a general rule, do not authorize the installation of proffered downloaded tools from any source other than from Apple. This includes the notorious "required video codec" from a web site purporting to show videos. (Legitimate video sites will almost always use either Flash or H.264 for video, and you have those.) And yes, the MacDefender stuff.
(Yes, there are many download packages that are legitimate, but the usual sorts of freebies around can also be Trojans. If you're not sure, look around for feedback before downloading the package. Or look to use the Mac App Store as a source, or another curated source.)
So-called Trojans ("Trojan Horses") are easy to implement on Mac OS X and on most other operating systems. Get somebody to download your malware package, and get them to enter the privileged password to authenticate it, and (as a malware author) you're good to go for whatever you're planning.