So if you haven't already disabled your Java client, please do so before this thing really become an outbreak. Check out our previous post for instructions on how to disable Java on your Mac.
Our previous instructions on how to check whether you are infected with Flashback is still applicable. However, for this variant, there is an additional updater component that is created in the infected user's home folder. By default it is created as "~/.jupdate".
A corresponding property list file is also created so that it will execute every time the infected user logs in. By default, the property list is created as "~/Library/LaunchAgents/com.java.update.plist".
However, these filenames may be different in the actual infected system as they are configurable by the malicious webpage delivering the exploit: