Microsoft notify that “Unruy is a family of trojan downloaders and unsolicited advertisement “providers” and although you mightn’t have heard about it, it also is an infection vector for a rather prevalent family of rogues: Trojan:Win32/Fakespypro.” “Recently we discovered a variant of Win32/Unruy, namely TrojanDownloader:Win32/Unruy.D (6120ac9c363c6da7cd7f8bed4edd314f0d3d8f4e), that’s actively using Java vulnerability discussed in CVE-2010-0094. The vulnerability exploits a flaw in deserialization of RMIConnectionImpl objects. This flaw allows remote attackers to call, without proper sandboxing, system-level Java functions via ClassLoader of a constructor that’s being deserialized,” explains Microsoft.
Infection can occur when a user visits a webpage that hosts a malicious Java applet. If the user’s browser runs a vulnerable version of the Java Runtime Environment (up to version 6 update 18), exploitation may be successful and malware may be installed.
A security update for this vulnerability has been available since March 2010, and you must apply it as soon as possible.