Trojan:Win32/Chymine.A is a trojan that drops a keylogging malware detected as TrojanSpy:Win32/Chymine.A. It consists of several components: an .EXE component and a .DLL component. It may be launched and installed by Exploit:Win32/CplLnk.A.

Worm:Win32/Stuxnet.B is the detection for a worm that spreads to all removable drives. It does this by dropping exploit shortcut files (files having .LNK file extension) that automatically run when the removable drive is accessed using an application that displays shortcut icons (for example, Windows Explorer). The shortcut files are detected as Exploit:Win32/CplLnk.A.

 

The worm is capable of dropping and installing other components, injecting code into currently-running processes, and allowing backdoor access and control to the infected computer.

Exploit:Java/CVE-2008-5353.B is a detection for malicious code that attempts to exploit a vulnerability in the Java Runtime Environment (JRE). The vulnerability, with CVE number CVE-2008-5353, may lead to the download and execution of arbitrary files in an affected system.

Exploit:JS/Pdfjsc.Z is an obfuscated JavaScript often distributed through compromised websites. It is designed to exploit several vulnerabilities in the web browser.

Exploit:JS/ShellCode.AH is a detection for certain malicious JavaScript code that is embedded within HTML files.

Exploit:JS/Blacole.DE is a variant of JS/Blacole, JavaScript malware that consists of several exploits and is created by the "Blackhole" exploit kit. Exploit:JS/Blacole.DE is installed to compromised websites by an attacker. It attempts to exploit the following CVE vulnerabilities:

• CVE-2006-0003
• CVE-2007-5659
• CVE-2009-0927
• CVE-2010-1885
• CVE-2011-2110
• CVE-2011-3544

Exploit:Win32/Taro.H is a detection for an exploit affecting the word processing application Ichitaro by JustSystems of Japan.

Exploit:Java/CVE-2008-5353.DG is based on a vulnerability which affects Java Virtual Machine (JVM) up to and including version 6 update 10. The vulnerability allows an unsigned Java applet to gain elevated privileges and potentially have unrestricted access to a host system, outside its "sand box" environment.

Exploit:Java/CVE-2009-3869.A is a detection for the vulnerability described in CVE-2009-3869 which can be exploited to execute arbitrary code.

Exploit:Win32/Pidief.HW is a detection for specially-crafted PDF files that target a software vulnerability in Adobe Acrobat and Adobe Reader version 8 before 8.2.1 and version 9 before 9.3.1. The vulnerability exploited by this malware is referenced by the Common Vulnerabilities and Exposures (CVE) Identifier CVE-2010-0188.

 

This is a detection for a malicious JavaScript that attempts to exploit a vulnerability in the web browser Firefox versions 3.6.8, 3.6.9, 3.6.10 and 3.6.11. The exploit could download and execute arbitrary code. In the wild, this exploit is known to download and execute Backdoor:Win32/Belmoo.A.

Exploit:Java/CVE-2008-5353.WW is a detection for an exploit that is based on a vulnerability which affects Java Virtual Machine (JVM) version 5 up to and including update 22, as well as version 6 up to and including update 10. The vulnerability allows an unsigned Java applet to gain elevated privileges and potentially have unrestricted access to a host system, outside its "sand box" environment.

Exploit:Win32/CVE-2010-2572.A is the detection for specially-crafted Microsoft Powerpoint files that exploit a vulnerability addressed by Microsoft Security Bulletin MS10-088. This vulnerability may allow attackers to execute arbitrary code that can drop files, install programs or modify data without the user's knowledge or consent.

Exploit:Java/CVE-2010-0840.AL is the detection for an obfuscated malicious Java class applet component that exploits the vulnerability described in CVE-2010-0840. Successful exploitation leads to remote code execution.

Exploit:Java/CVE-2010-0094.CY is the detection for malicious Java applet stored within a Java Archive (.JAR) that attempts to exploit a vulnerability in the Java Runtime Environment (JRE) up to and including version 6 update 18. The vulnerability allows an unsigned Java applet to gain elevated privileges and potentially have unrestricted access to a host system, outside its "sandbox" environment.

 

Exploit:Java/CVE-2010-0840.BJ is a detection for an obfuscated malicious Java class applet component that exploits the vulnerability described in CVE-2010-0840. Successful exploitation leads to arbitrary code execution.

Windows Defender detects and removes this threat.

This threat uses a Java vulnerability to download and run files on your PC, including other malware.

It runs when you visit a hacked or malicious website and you have a vulnerable version of Java.

The following versions of Java are vulnerable:

• Java Development Kit, Java Runtime Environment 7 Update 11 and earlier

To check if you're running a vulnerable version of Java:

1. Go to the control panel (Select Start then Control Panel)
2. Select Programs. If Java is installed you will see it in the list of installed programs. Click it to open the Java Control Panel.
3. On the General tab, click About to see which version of Java you have installed.

You might get an alert about this threat even if you're not using a vulnerable version of Java. This is because we detect when a website tries to use the vulnerability, even if it isn't successful.

Exploit:Java/CVE-2010-0840.DW is the detection for a malicious and obfuscated Java class that exploits the vulnerability described in CVE-2010-0840. Successful exploitation may lead to the download and execution of arbitrary files within the user's security context.