Trojan:Win32/Chymine.A
Worm:Win32/Stuxnet.B
Exploit:Java/CVE-2008-5353.B
Exploit:Win32/Pdfjsc.FN
Exploit:JS/Pdfjsc.Z
Exploit:JS/Pdfjsc.Z is obfuscated JavaScript that is often distributed through compromised websites. It is designed to exploit several vulnerabilities in the web browser.
Exploit:JS/ShellCode.AH
Exploit:JS/ShellCode.AH is a detection for certain malicious JavaScript code that is embedded within HTML files.
Exploit:JS/Blacole.DE
Exploit:JS/Blacole.DE is a variant of JS/Blacole, JavaScript malware that consists of several exploits and is created by the "Blackhole" exploit kit. Exploit:JS/Blacole.DE is installed on compromised websites by an attacker. It attempts to exploit the following CVE vulnerabilities:
Exploit:Win32/Taro.H
Exploit:Java/CVE-2008-5353.DG
Exploit:Win32/Pdfjsc.FU
Exploit:Java/CVE-2009-3869.A
Exploit:Win32/Pdfjsc.HW
Exploit:JS/Belmoo
Exploit:Java/CVE-2008-5353.WW
Exploit:Win32/CVE-2010-2572.A
Exploit:Java/CVE-2010-0840.AL
Exploit:Java/CVE-2010-0094.CY
Exploit:Java/CVE-2010-0840.BJ
Exploit:Win32/Pdfjsc.BC
Windows Defender detects and removes this threat.
This threat uses a vulnerability in some Adobe products to download and run files on your PC, including other malware.
It can run if you have a vulnerable version of Adobe Reader or Acrobat on your PC and you visit a malicious website, or open a malicious PDF document attached to an email.
The following versions of Adobe Reader and Acrobat are vulnerable:
- 9.x before 9.5.5
- 10.x before 10.1.7
- 11.x before 11.0.03
You may get an alert about this threat even if you're not using a vulnerable software version. This is because we detect when an attempt is made to exploit this vulnerability, even if it isn't successful.
You can find more information about this threat on the CVE website or our page about exploits.
Exploit:Python/CVE-2017-0143
Microsoft Defender Antivirus detects and removes this threat.
This detection covers compiled Python scripts that exploit a set of vulnerabilities fixed in the MS17-010 security bulletin. These vulnerabilities, which include CVE-2017-0144 (also known as EternalBlue) and CVE-2017-0145 (also known as EternalRomance), can allow the remote execution of custom code on unpatched machines.