The Microsoft Malware Protection Center Threat Research & Response Blog reports findings of a new variant in the Win32/Unruy family of trojan downloaders exploiting a known Java vulnerability.
According to Microsoft:
Infection can occur when a user visits a webpage that hosts a malicious Java applet. If the user’s browser runs a vulnerable version of the Java Runtime Environment (up to version 6 update 18), exploitation may be successful and malware may be installed.
A patch for this vulnerability was released back in March this year, and it is suggested that you apply this patch ASAP if you haven’t already. Again this highlights the increasing need to keep all your software up to date!
[Source]