Security researchers have found a live Web exploit that detects if the target is running Windows, Mac OS X, or Linux and drops a different trojan for each platform (http://arstechnica.com/security/2012/07/cross-platform-web-exploit/). The attack was spotted by researchers from antivirus provider F-Secure (https://www.f-secure.com/weblog/archives/00002397.html) on a Columbian transport website, presumably after third-party attackers compromised it. The unidentified site then displayed a signed Java applet that checked if the user's computer is running Windows, Mac OS X, or Linux. Based on the outcome, the attack then downloads the appropriate files for each platform.
http://linux.slashdot.org/story/12/07/10/1756205/web-exploit-found-that-customizes-attack-for-windows-mac-and-linux