Apple released a Java update that patches the security hole on April 3, but it was already too late by that point. News of the massive infection rate broke on April 4.
As such, the electronics giant is also working with ISPs around the world to take down computer servers hosted by the malware authors. In addition to the Java vulnerability, the Flashback malware relies on this command control network to perform many of its critical functions.
What if you can't wait for Apple to release its tool? There are a few things you can do.
First off, you can grab the new version of Java from Apple here: Java for Mac OS X 10.6 Update 7 and Java for OS X Lion 2012-001. If you're running Mac OS X v10.5 or earlier, your only option is to disable Java in your web browser(s) preferences: How to disable the Java web plug-in in Safari.
If you want to see if you have it, there are a few options. Dr. Web and Kaspersky have online tools to check if you have the Trojan. There's also a tool called FlashbackChecker available on GitHub.
If you know you have it and want to get rid of it, there are also a few options. F-Secure has instructions on how to remove the malware. CNET has a step-by-step guide for removing it. Last but certainly not least, the easiest way to get rid of it is to download and use the Kaspersky Flashfake Removal Tool.