Trojan:Win32/Chymine.A is a trojan that drops a keylogging malware detected as TrojanSpy:Win32/Chymine.A. It consists of several components: an .EXE component and a .DLL component. It may be launched and installed by Exploit:Win32/CplLnk.A.

Worm:Win32/Stuxnet.B is the detection for a worm that spreads to all removable drives. It does this by dropping exploit shortcut files (files having .LNK file extension) that automatically run when the removable drive is accessed using an application that displays shortcut icons (for example, Windows Explorer). The shortcut files are detected as Exploit:Win32/CplLnk.A.

 

The worm is capable of dropping and installing other components, injecting code into currently-running processes, and allowing backdoor access and control to the infected computer.

Exploit:Win32/Taro.H is a detection for an exploit affecting the word processing application Ichitaro by JustSystems of Japan.

Exploit:Java/CVE-2008-5353.DG is based on a vulnerability which affects Java Virtual Machine (JVM) up to and including version 6 update 10. The vulnerability allows an unsigned Java applet to gain elevated privileges and potentially have unrestricted access to a host system, outside its "sand box" environment.

Exploit:Java/CVE-2009-3869.A is a detection for the vulnerability described in CVE-2009-3869 which can be exploited to execute arbitrary code.

Exploit:Win32/Pidief.HW is a detection for specially-crafted PDF files that target a software vulnerability in Adobe Acrobat and Adobe Reader version 8 before 8.2.1 and version 9 before 9.3.1. The vulnerability exploited by this malware is referenced by the Common Vulnerabilities and Exposures (CVE) Identifier CVE-2010-0188.

 

This is a detection for a malicious JavaScript that attempts to exploit a vulnerability in the web browser Firefox versions 3.6.8, 3.6.9, 3.6.10 and 3.6.11. The exploit could download and execute arbitrary code. In the wild, this exploit is known to download and execute Backdoor:Win32/Belmoo.A.

Exploit:Java/CVE-2008-5353.WW is a detection for an exploit that is based on a vulnerability which affects Java Virtual Machine (JVM) version 5 up to and including update 22, as well as version 6 up to and including update 10. The vulnerability allows an unsigned Java applet to gain elevated privileges and potentially have unrestricted access to a host system, outside its "sand box" environment.

Exploit:Win32/CVE-2010-2572.A is the detection for specially-crafted Microsoft Powerpoint files that exploit a vulnerability addressed by Microsoft Security Bulletin MS10-088. This vulnerability may allow attackers to execute arbitrary code that can drop files, install programs or modify data without the user's knowledge or consent.

Exploit:Java/CVE-2010-0840.AL is the detection for an obfuscated malicious Java class applet component that exploits the vulnerability described in CVE-2010-0840. Successful exploitation leads to remote code execution.

Exploit:Java/CVE-2010-0840.BJ is a detection for an obfuscated malicious Java class applet component that exploits the vulnerability described in CVE-2010-0840. Successful exploitation leads to arbitrary code execution.

Windows Defender detects and removes this threat.

This threat is a webpage that spreads the exploit kit known as Neutrino. See the HTML/NeutrinoEK family description for more information.

You PC is at risk of infection if you visit this webpage and you have vulnerable software installed on your PC.

You might be redirected to the malicious webpage without your consent.

Windows Defender detects and removes this threat.

This threat uses a JavaScript vulnerability to check your PC for security software. It then looks for certain information about your computer that might be used in a future attack. It uses the vulnerability described in CVE-2013-7331 to exploit your PC.

It runs when you visit a hacked or malicious website and you have a vulnerable version of Internet Explorer.

You might get an alert about this threat even if you're not using vulnerable software. This is because we detect when a website tries to use the vulnerability, even if it isn't successful.

See the Exploit:JS/Sevdaq family description for more information.

Exploit:Java/CVE-2008-5353.B is a detection for malicious code that attempts to exploit a vulnerability in the Java Runtime Environment (JRE). The vulnerability, with CVE number CVE-2008-5353, may lead to the download and execution of arbitrary files in an affected system.

Exploit:Java/CVE-2010-0094.CY is the detection for malicious Java applet stored within a Java Archive (.JAR) that attempts to exploit a vulnerability in the Java Runtime Environment (JRE) up to and including version 6 update 18. The vulnerability allows an unsigned Java applet to gain elevated privileges and potentially have unrestricted access to a host system, outside its "sandbox" environment.

 

Microsoft Defender Antivirus detects and removes this threat.

This detection covers compiled Python scripts that exploit a set of vulnerabilities fixed in the MS17-010 security bulletin. These vulnerabilities, which include CVE-2017-0144 (also known as EternalBlue) and CVE-2017-0145 (also known as EternalRomance), can allow the remote execution of custom code on unpatched machines.

Windows Defender detects and removes this threat.

This threat uses a vulnerability in some Adobe products to download and run files on your PC, including other malware.

It can run if you have a vulnerable version of Adobe on your PC and you visit a malicious website, or open a malicious PDF document attached to an email.

The following versions of Adobe Reader and Acrobat are vulnerable:

• 9.x before 9.5.5
• 10.x before 10.1.7
• 11.x before 11.0.03

You may get an alert about this threat even if you're not using a vulnerable software version. This is because we detect when an attempt is made to exploit this vulnerability, even if it isn't successful.

You can find more information about this threat on the CVE website or our page about exploits.