A few hours ago, FireEye published some information related to a new Java 0day exploited in the wild.

The malicious JAR file was served from ok.aa24.net / meeting / index.html

The html loads the Java applet passing some parameters that are used later to build the URL to download the payload. …

http://labs.alienvault.com/labs/index.php/2012/new-java-0day-exploited-in-the-wild/