Microsoft security software detects and removes this threat.

It uses vulnerabilities in recent versions of Internet ExplorerMicrosoft Silverlight, Adobe Flash Player, and Java to install malware on your PC. We have seen it try to install Ransom:Win32/Reveton and variants of Win32/Bedep.

The exploit is also called Angler.

You might get this threat if you visit a malicious or hacked website, or by clicking a malicious link in an email.

What to do now

Use the following free Microsoft software to detect and remove this threat:

You should also run a full scan. A full scan might find other, hidden malware.

Update Internet Explorer, Java, Adobe Flash, and Microsoft Silverlight

Make sure you install all available updates:

You should remove older versions of Java, as keeping old and unsupported versions of Java on your PC is a serious security risk:

If you continue to get alerted about this threat, deleting your temporary Java files can help:

Get more help

You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.

If you’re using Windows XP, see our Windows XP end of support page.

Threat behavior


The threat determines what browser, operating system and the version of various applications you are using.

It checks if you have vulnerable versions of Internet ExplorerMicrosoft Silverlight, Adobe Flash Player, or Java.


Exploits vulnerabilities in Internet Explorer and Microsoft Silverlight

If you're using Internet Explorer, the threat tries to exploit the vulnerability referred to as CVE-2013-2551.

The threat also checks if the Microsoft Silverlight plugin is installed and enabled. If it is, it tries to exploit the vulnerability referred to as CVE-2013-0074, which we detect as Exploit:MSIL/CVE-2013-0074.

Exploits vulnerabilities in Adobe Flash Player

The threat checks for vulnerabilities in Adobe Flash Player and tries to exploit the following vulnerabilities:

It uses an Adobe Flash Player  vulnerability to download and run files on your PC, including malware.

The following versions of Adobe Flash Player are vulnerable:

  • Adobe Flash Player and earlier versions
  • Adobe Flash Player and earlier 13.x versions
  • Adobe Flash Player and earlier 11.x versions

Exploits vulnerabilities in the  Java Runtime Environment

The threat checks for vulnerabilities in Java. We have observed it attempting to exploit the vulnerability CVE-2013-2460, which we detect as Exploit:Java/CVE-2013-2460.

Downloads malware

If the threat successfully exploits a vulnerability, it tries to download malware onto your PC. We have observed this threat trying to download files from the following URLs:


We have seen it try to download Ransom:Win32/Reveton and variants of Win32/Bedep.

Additional information

This threat is part of the exploit kit called "Angler". See our page on exploits for more information.

Analysis by Stefan Sellmer


Alerts from your security software may be the only symptom.


Alert level: Severe
This entry was first published on: Mar 14, 2014
This entry was updated on: Mar 26, 2015

This threat is also detected as:
  • Angler (other)