The number of infections might be hyped, but the wise course of action for most users (Windows, Mac or GUU/Linux) is the same regardless, and it is mostly about avoiding the outdated approach of having powerful software run-time systems used in web-browsers; mainly running Java Applets or Adobe Flash content.
1. Disable Java Applets in web browsers. (In Safari, go to Preferences > Security). On Mac OS versions 10.6 and above 10.7 and future versions, simply do not install Java in the first place.
2. For good measure, try to do the same with Flash Player, but that is more widely needed than Java Applets, for now. (This attack uses a Java weakness, but Flash Player weaknesses keep happening too: having a web browser or email system set up to automatically download and run software when all you do is visit a website or open an email message is a bit crazy: even if Java and Flash Player try to be safe, holes keep being found.)
3. If, like me, you occasionally need to use Java Applets, handle with care: enable the browser's ability to run Java Applets as needed; disable when done. Ditto for Flash Player?
4. Since (3) is annoying, discourage the use of any run-times in browsers, like Java Applets or Flash Player: these are out-dated insecure approaches. Fortunately, both Microsoft and Apple are pushing in this direction with IE 10 and Safari. (And of course, the iPad and all iOS devices are safe from this sort of attack, due to the notorious total prohibition of run-time systems like Flash Player.)
One thing I am not clear on: it seems that this trojan is dependent on the browser running Java Applets, rather than more general enabling of running Java programs, but is this true, or does it work simplify having Java operative on the computer? I often use locally installed Java software, but very rarely use Java Applets via a browser.