In our most recent rule pack, amongst the 39 new rules were two very important rules that may require a bit of analyst work when you see them alert. The rules look for a Java User-Agent outbound from your network in the User-Agent string of the HTTP header. In fact, we’ve had these rules in our test systems for about a month and we’ve seen zero false positives. While it may be an extra layer of protection to write rules that look for these known bad files in the Blackhole v2 exploit kit, the way I wrote 25041 and 25042 will catch much more.
Source: https://blog.talosintelligence.com/2012/12/exploit-kit-java-user-agent-downloading.html
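
For offline triage of the same signal, the following is an added example, not the content of rules 25041 or 25042: it flags internal-to-external HTTP requests whose User-Agent header carries a `Java/<version>` token. The internal network ranges, the record layout and the sample requests are constructed assumptions.

```python
import ipaddress
import re

# Java's built-in HTTP client sends a "Java/<version>" token, either alone
# ("Java/1.6.0_37") or after a Mozilla-style prefix.
JAVA_UA = re.compile(r"(?:^|\s)Java/(\d+(?:\.\d+)*(?:_\d+)?)")

# Assumption: the networks treated as "inside"; adjust to the monitored site.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample records: (source IP, destination IP, raw request head).
SAMPLE_REQUESTS = [
    ("10.1.2.3", "203.0.113.10", "GET /files/a.jar HTTP/1.1\r\nHost: one.example.test\r\n"
     "User-Agent: Mozilla/4.0 (Windows 7 6.1) Java/1.7.0_09\r\n\r\n"),
    ("10.1.2.4", "203.0.113.20", "GET /index.html HTTP/1.1\r\nHost: two.example.test\r\n"
     "User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0\r\n\r\n"),
    ("10.1.2.5", "10.9.9.9", "GET /repo/lib.jar HTTP/1.1\r\nHost: build.example.test\r\n"
     "User-Agent: Java/1.6.0_26\r\n\r\n"),
    ("192.168.5.7", "198.51.100.7", "GET /download HTTP/1.1\r\nhost: three.example.test\r\n"
     "user-agent: Java/1.6.0_37\r\n\r\n"),
]

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def parse_head(raw):
    """Split a raw request head into its request line and a header dict."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # header names are case-insensitive, so normalise them
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers

def java_ua_hits(records):
    """Return one triage dict per outbound request carrying a Java User-Agent."""
    hits = []
    for src, dst, raw in records:
        if not is_internal(src) or is_internal(dst):
            continue  # only internal -> external traffic is of interest
        request_line, headers = parse_head(raw)
        match = JAVA_UA.search(headers.get("user-agent", ""))
        if match:
            hits.append({"src": src, "dst": dst, "host": headers.get("host", ""),
                         "request": request_line, "java_version": match.group(1)})
    return hits
```

Each returned record gives the analyst the internal host, the destination and the Java version that made the request, which is the starting point for the follow-up work the alert calls for.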

