Yep they exploit them all, the point it to keep up with all updates, sure they will find one that has not even been picked up yet but those are really rare, this Trojan was in the wild for 2 weeks so it should of been plugged ages ago.

This week Java, next week php and anything else that runs online.
There spammers are pests its the credit card fraud and bot controllers that are the major criminals online.