A few points that are not clear in this thread.
(1) The advice not to download stuff you don't know anything about is good. Equally, don't OK or enter your password if you're asked to install any software or plugins you don't know about.
However, what is missed is the fact that, in the recent outbreak, a variant of this malware installed itself in the user's home directory WITHOUT ANY USER INTERACTION. You didn't need to download anything, you didn't need to OK anything, all that was needed was to visit a perfectly legitimate blog (hacked w/o its owner's knowledge or permission).
Some may say it's not a big deal. But this malware was looking for on-line banking account numbers and passwords, which it could get and send back to its controller WITHOUT your password. In my world, that's a pretty big deal.
(2) As far as it's known, this vulnerability has been closed by the latest Java update. But note that Apple released this update more than a month after the update had been available for Windows. The writing on the wall for Apple's Java has been there for all to see for some time now. Yet Apple said it would support it for this cycle, and a month late in this business is poor support indeed. One more proof that Mac OS X is no longer Apple's Schwerpunkt.
(3) An A/V vendor, Intego, was the first to report infection w/o user interaction, yet, IMHO, A/V software updates failed to keep up the pace. Although I use ClamXav, I shouldn't like to rely on any A/V software for this problem.
(4) The one constant factor in this story has been Little Snitch. The malware either self-destructed if it detected Little Snitch, or it was caught and blocked due to Little Snitch. This reinforces my opinion that, on current computers, a reverse firewall is essential. On Win there's ZoneAlarm (the basic version is free). There's no free tool for Mac OS X, but there's Little Snitch or Hands Off!. I should not consider using either Mac OS X or Win without one of these.