A couple of hours ago @Kafeine discovered a new java 0 day exploit in the wild.
This exploit is served by most exploit kits like Blackhole, Cool exploit kit and Nuclear pack.When the malicious applet is executed its download and execute a copy of Zeus.
A curious thing is that Zbot comes with a self signed digital certificate.
But detection rate is quite good with 12/46 link.
The jar file has been dropped by Blackhole so it's heavily obsfuscated by some commercial obfuscator and is detected by 5/46 link.
You can find both files here. (password is: malware)
If you want to read more take a look at kafeine's blog post.
Working Poc here.
Quick video to show you this PoC against Avira Free antivirus