Bad web rep site...

See: htxp://2624633428-6.disbarmentscore.co7.us/1403171040.jar is present in the Dr.Web database of unwanted sites!
Analysis: http://malware-traffic-analysis.net/2014/06/19/index.html
and http://exposure.easyaudit.org/analysis/disbarmentscore.co7.us
and more info here: http://research.zscaler.com/2014/09/nuclear-exploit-kit-and-flash-cve-2014.html
In this hostlist: http://members.quicknet.nl/nj.vandompselaar/files/malware-domain-blocklist.txt

polonus

And then this code there: http://jsunpack.jeek.org/?report=f23ef84f292ebaeb8eeb5469f9e99727f1e9c20e
Undefined variable a major security risk with register_globals turned on. Info credits: Alin Purcaru
Shell script and bash.script with undefined variable under certain conditions.
With undefined variable unique Tracking ID one should make sure cookie has data in it,
the value of the visitor level custom variable. Returns undefined if unable to retrieve the variable for the specified index.
See: http://zerocert.org/?code=8daa9e2a22b4e5063ab8ffd712337d247132f655214232eddc130ff889266bf0
AutoShun has it as malicious this code: https://www.virustotal.com/nl/url/9a1e48bb98478a9c1b446b38dc1cbc8fc75401ed1b52eb9d3dcd20ac0c9e43f8/analysis/
And description of the attack: http://www.tripwire.com/state-of-security/security-data-protection/south-korean-attack-malware-analysis/
analysis author = Ken Westin and not only he, also here: http://eromang.zataz.com/tag/hauri/

polonus