JS/Aimesu
Windows Defender Antivirus detects and removes this threat.
This threat runs on your PC when you visit a hacked or malicious webpage and you are using a vulnerable or out-of-date version of Java, Adobe PDF Reader, or Flash Player.
It then installs other malware on your PC, including components of the "Blackhole" and "Cool" exploit kits. These exploits can download other malware onto your PC.
See our exploits page for more information about this type of threat.
Exploit:Win32/CVE-2012-0158.CJ
Windows Defender detects and removes this threat.
This threat uses a Microsoft vulnerability to download and run files on your PC, including other malware. It is also called the "MSCOMCTL.OCX RCE Vulnerability".
It runs if you visit a website or open an Office document or .rtf file (Word document) and have a vulnerable version of one of the following applications on your PC:
- Microsoft Office 2003 SP3
- Microsoft Office 2003 Web Components SP3
- Microsoft Office 2007 SP2 and SP3
- Microsoft Office 2010 Gold and SP1
It is most often distributed through emails.
You might get an alert about this threat even if you're not using a vulnerable version of the application. This is because we detect when a website or file tries to use the vulnerability, even if it isn't successful.
Exploit:Win32/Pdfjsc.YZ
Exploit:Win32/Pdfjsc.YZ is a specially crafted Portable Document Format (PDF) file that exploits a vulnerability in Adobe Acrobat and Adobe Reader discussed in the following articles:
When executed in a vulnerable version of Adobe Acrobat or Adobe Reader, it attempts to download a certain file. It has been found included in the Blackhole exploit kit.
Exploit:Java/Blacole.AHN
Exploit:Java/Blacole.AHN is a malicious Java applet that attempts to exploit vulnerabilities (CVE-2012-1723 and CVE-2012-0507) in the Java Runtime Environment (JRE) in order to download and install files of an attacker’s choice onto your computer.
If you visit a website containing the malicious code while using a vulnerable version of Java, the exploit is loaded. It then attempts to download and execute files from a remote host/URL; the files that are downloaded and executed could include additional malware.
The following versions of Java are vulnerable to this exploit:
- JDK and JRE 7 Update 4 and earlier Java SE
- JDK and JRE 6 Update 32 and earlier Java SE
- JDK and JRE 5.0 Update 35 and earlier Java SE
- SDK and JRE 1.4.2_37 and earlier Java SE
Exploit:Java/CVE-2008-5353
This threat uses a Java vulnerability to download and run files on your PC, including other malware.
It runs when you visit a hacked or malicious website and you have a vulnerable version of Java.
The following versions of Java are vulnerable:
- JRE for Sun JDK (Java Development Kit) and JRE 6 update 10 and earlier
- JDK and JRE 5.0 update 16 and earlier
- SDK (Software Development Kit) and JRE 1.4.2_18
To check if you're running a vulnerable version of Java:
- In Control Panel, double-click Programs.
- If Java is installed you will see it in the list of installed programs. Click it to open the Java Control Panel.
- On the General tab, click About to see which version of Java you have installed.
Exploit:JS/Blacole.F
Exploit:JS/Blacole.F is JavaScript code that runs a series of malicious routines in an attempt to exploit computers that may be running vulnerable versions of certain software. If exploitation is successful, various malware may be downloaded.
Exploit:Win32/CVE-2008-4841
Exploit:Win32/Pdfjsc.L
Exploit:JS/Mult.AD
Trojan:Win32/Clort.A!exploit
Exploit:JS/Elecom.gen!B
Exploit:JS/Axpergle.A
Windows Defender detects and removes this threat.
It uses vulnerabilities in recent versions of Microsoft Silverlight, Adobe Flash Player, and Java to install malware on your PC. We have seen it try to install PWS:Win32/Zbot.
You might get this threat if you visit a malicious or hacked website, or by clicking a malicious link in an email.
To learn more about how this threat is being used by cybercriminals,
Exploit:Java/CVE-2011-3544.AO
Exploit:Java/CVE-2011-3544.gen!A
Exploit:Java/CVE-2011-3544.gen!A is a generic detection for a malicious Java applet stored within a Java Archive (.JAR) that attempts to exploit a vulnerability in a Java Runtime Environment (JRE) component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier. The vulnerability, discussed in CVE-2011-3544, allows an unsigned Java applet to gain elevated privileges and potentially have unrestricted access to run arbitrary Java code outside of the "sandbox" environment.
Exploit:Win32/Pdfjsc.AAP
Exploit:Win32/Pdfjsc.AAP is the detection for specially crafted PDF files that target software vulnerabilities in Adobe Acrobat and Adobe Reader. The vulnerabilities, discussed in CVE-2010-0188, could allow a remote attacker to cause a denial of service or application crash, or possibly execute arbitrary code.
Exploit:Win32/Pdfjsc.AEW
Exploit:Win32/Pdfjsc.AEW is a malicious PDF file that exploits a vulnerability in Adobe Acrobat and Adobe Reader.
The vulnerabilities, discussed in CVE-2010-0188, allow this malware to download and run arbitrary files.
The following versions of Adobe Acrobat and Adobe Reader are vulnerable to this exploit:
- Adobe Acrobat and Adobe Reader earlier than 8.2.1
- Adobe Acrobat and Adobe Reader earlier than 9.3.1
Install updates to prevent infection
This malware exploits known vulnerabilities.
You should always install the latest updates available from the software vendor to prevent reinfection from this threat, and possible infection from other threats.
Download updates for Adobe products from the following link: