This exploit kit exploits vulnerabilities in Java and installs a host of different malware including:
- Advertisement clicking malware
The investigation showed that the earliest signs of infection were at December 30, 2013. Other reports suggest it might have started even earlier.
Schematically the exploit looks like this: