Exploit-FCM!B859C28388C2 is the exploit that corresponds to the vulnerability CVE-2012-0507.
It is the detection for malicious Java class files stored within a Java archive (.JAR) that attempt to exploit a vulnerability in the Java Runtime Environment (JRE) up to and including version 5 update 33, version 6 update 30 and version 7 update 2.
This exploit may be encountered when visiting a compromised webpage that contains the malicious code.
The code is created by an attacker using the "Blackhole" Exploit Kit and inserted into a compromised webpage.
When the page is visited by a user running a vulnerable version of Java, the malicious Java class runs and allows the execution of arbitrary code. The exploit takes advantage of a flaw in the deserialization of "AtomicReferenceArray" objects, which allows remote attackers to call system-level Java functions via the ClassLoader of a constructor that is being deserialized without proper sandboxing.
The attacker may host a malicious script on a website. If a user visits the site, the script loads the Java applet.
The malicious Java package may contain the following malicious Java class files:
The file neb.class triggers the vulnerability. Its init() method builds the AtomicReferenceArray object used to execute malicious Java code outside the sandbox.
The other file, yaw.class, is a loader class that creates another class file (e.g. C.class) at runtime and loads it.
This class (C.class) downloads malware from a certain server and executes it.
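
A triage sketch for the indicators described above, added here as an example and not the vendor's detection signature: it parses the constant pool of every class file in a JAR and reports which classes reference AtomicReferenceArray, ObjectInputStream (the Java deserialization API) and ClassLoader. The choice of these three markers and all function names are assumptions of this example.

```python
import io
import struct
import zipfile

# Bytes after the tag for fixed-width constant-pool entries (class file format).
FIXED = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4,
         12: 4, 15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}
# Marker choice is this example's assumption, drawn from the description above.
MARKERS = {"AtomicReferenceArray": "java/util/concurrent/atomic/AtomicReferenceArray",
           "deserialization": "java/io/ObjectInputStream",
           "ClassLoader": "java/lang/ClassLoader"}

def utf8_constants(data):
    """Return the Utf8 constant-pool strings of one .class file."""
    if data[:4] != b"\xca\xfe\xba\xbe":
        return []
    pos, idx, out = 10, 1, []
    try:
        count = struct.unpack_from(">H", data, 8)[0]
        while idx < count:
            tag = data[pos]
            if tag == 1:  # CONSTANT_Utf8: u2 length, then bytes
                n = struct.unpack_from(">H", data, pos + 1)[0]
                out.append(data[pos + 3:pos + 3 + n].decode("utf-8", "replace"))
                pos += 3 + n
            elif tag in FIXED:
                pos += 1 + FIXED[tag]
            else:
                break  # unknown tag: stop, keep what was parsed
            idx += 2 if tag in (5, 6) else 1  # long/double take two slots
    except (IndexError, struct.error):
        pass  # truncated file: keep what was parsed
    return out

def triage_jar(jar_bytes):
    """Map each marker to the class files in the JAR that reference it."""
    hits = {label: [] for label in MARKERS}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for name in (n for n in jar.namelist() if n.endswith(".class")):
            pool = utf8_constants(jar.read(name))
            for label, const in MARKERS.items():
                if any(const in s for s in pool):
                    hits[label].append(name)
    return hits

def is_suspicious(jar_bytes):
    return all(triage_jar(jar_bytes).values())  # all three markers present
```

Pass the raw bytes of a JAR to `triage_jar` to see which class carries which marker. Legitimate code can reference all three names and obfuscated samples can hide them, so the result is a prompt for closer inspection rather than a verdict.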