There is yet another series of malware out which exploits holes in the Oracle (Sun) Java language, including the most recent version (Java 7 Update 10) as of Jan 12 2013.
Disable Java in your Web browser now. After the Java based attacks of last year, and this “New Years Gift” exploit, I can see little reason to keep Java enabled one minute longer.
There is no need to run the Java language for 99.9% of web browsing. Those who need to run specialized online applications that require Java (like some group meeting software) will need to make a decision about the security risk. The risk involved is that Java gives a web page the ability to control some software on your machine. When the virus writers find a hole in Java, they can dodge around the security restrictions and execute commands and read and write files on your computer without your knowledge or control.
For Windows and the latest version of Java, the simplified method to disable it from your Web browser is here http://www.java.com/en/download/help/disable_browser.xml
For older versions of Java and Mac, follow the instructions here
If you are using Internet Explorer, I recommend that you discontinue using it and switch to Firefox with the NoScript plugin. IE not only is difficult to remove Java from, it is also tied into Microsoft’s ActiveX scripting, which is another potential vector for malware, and was hit with a zero day exploit.