AlienVault was alerted yesterday about a new Java zero-day being exploited in the wild. AlienVault's Head of Labs, Jaime Blasco, was able to obtain the files and reproduce the exploit in a fully patched, new installation of Java. Below are his findings and analysis:
The Java file is highly obfuscated, but based on the quick analysis AlienVault did, the exploit is probably bypassing certain security checks by tricking the permissions of certain Java classes, as we saw in CVE-2012-4681. When reproducing the exploit, AlienVault was able to trick the malicious Java applet into executing calc.exe in their labs: http://labs.alienvault.com/labs/index.php/2013/new-year-new-java-zeroday/
The exploit is the same as the zero-day vulnerabilities we have been seeing in the past year in IE, Java and Flash. The hacker can virtually own your computer if you visit a malicious link, thanks to this new vulnerability. At the moment, there is no patch for this vulnerability, so the only way to protect yourself is by disabling Java. Everyone running an updated version of Java on Windows, and probably on Mac OS X, is at risk right now, until Oracle releases a patch. We also expect a Metasploit module to appear in the next few days, similar to the activities that occurred last year, and we expect most of the exploit kits to adopt this new zero-day sooner rather than later.
AlienVault will be tracking this exploit and updating their blog with any new findings: http://labs.alienvault.com/labs/index.php/2013/new-year-new-java-zeroday/