The use of zero-day exploits in attacks has not been far from the headlines of late. Today, Kafeine from Malware don't need Coffee has published a blog post detailing yet another Java zero-day that is active in the wild and distributed through the Cool Exploit pack. The good news for Symantec customers who use our intrusion prevention signature (IPS) technology, however, is that Symantec proactively blocked the JAR file containing the exploit from the Cool Exploit Kit with the IPS signature Web Attack: Malicious JAR File Download 11. Symantec telemetry also shows that the Cool Exploit Kit began serving the exploit as of January 09, [2013] and that it was proactively caught by our products. There are also new reports of other exploit kits containing this exploit that Symantec is actively investigating.
Blog: Java Zero-Day Dished Up from Cool Exploit Kit