Symantec recently received information on a new Java zero-day, Oracle Java Runtime Environment CVE-2013-1493 Remote Code Execution Vulnerability (CVE-2013-1493). The final payload in the attack consisted of a DLL file, detected by Symantec as Trojan.Naid, which connects to a command-and-control (C&C) server at 110.173.55.187.
Interestingly, a Trojan.Naid sample was also signed by the compromised Bit9 certificate discussed in the Bit9 security incident update and used in an attack on another party. This sample also used the backchannel communication server IP address 110.173.55.187.
read more.........http://www.symantec.com/connect/blogs/latest-java-zero-day-shares-connections-bit9-security-incident