Windows Defender detects and removes this threat.

Exploit:JS/Coolex.D is script contained within an exploit pack known as the "Cool exploit kit". It can install arbitrary malware on your computer through exploiting software vulnerabilities in Java version 7, update 17 and earlier.

As the Cool exploit kit and the Blacole exploit kit share malicious web page patterns and exploits, in some instances you might see Exploit:JS/Blacole detected on your computer alongside Exploit:JS/Coolex.D. 

Exploit:Java/Blacole.D is a Java Class module that is included in a JAR file. It is part of the 'Blackhole' exploit kit, described in CVE-2010-0840.

Exploit:Java/Blacole.W is the detection for the Java class module included in "worms.jar" that is part of the "Blackhole" exploit pack. The file "worms.jar" is an applet that exploits the vulnerability in Java Runtime Environment described in CVE-2010-0840.

Exploit:Java/CVE-2011-3544.A is a malicious Java applet stored within a Java Archive (.JAR) file. It attempts to exploit a vulnerability in the Java Runtime Environment (JRE) component in Oracle JAVA SE JDK and JRE 7, 6 Update 27 and earlier. The vulnerability allows an unsigned Java applet to gain elevated privileges and potentially have unrestricted access to run arbitrary Java code outside of the "sandbox" environment.

More information about the vulnerability is available in the following articles:

• CVE-2011-3544
• Oracle Java SE Critical Patch Update Advisory - October 2011

Exploit:JS/Blacole.AD is a malicious JavaScript that attempts to exploit several vulnerabilities in Adobe Acrobat and Reader. If the exploit is successful in compromising a vulnerable host, it could result in downloading and executing other malware. Exploit:JS/Blacole.AD is a component of an exploit kit that is distributed as the "Blackhole exploit pack".

Exploit:Java/CVE-2012-5076.GAA is a malicious Java applet that attempt to exploit a vulnerability (CVE-2012-5076) in the Java Runtime Environment (JRE) in order to download and install files of an attacker’s choice onto your computer.

If you visit a website containing the malicious code while using a vulnerable version of Java, Exploit:Java/CVE-2012-5076.GAA is loaded. It then attempts to download and execute files from a remote host/URL; the files that are downloaded and executed could include additional malware.

The following versions of Java are vulnerable to this exploit:

JDK and JRE 7 Update 7 and earlier

Steps you can take

The nature of this threat means that you may need to take some steps to prevent being vulnerable from this, and similar exploits. We suggest you:

1. Clear the Java cache
2. Update Java
3. Remove older versions of Java

For detailed information about these steps, please see the Additional removal instructions below.

Microsoft security software detects and removes this threat.

This malicious JavaScript code can use vulnerable versions of Java, Adobe Reader, and Adobe Flash to load other malware onto your computer.

You can be infected with this threat if you visit a malicious or compromised webpage.

Windows Defender detects and removes this threat.

Windows Defender detects and removes this threat.

This threat uses a Java vulnerability to download and run files on your PC, including other malware.

It runs when you visit a hacked or malicious website and you have a vulnerable version of Java.

The following versions of Java are vulnerable:

• Java Development Kit and Java Runtime Environment 7 Update 10 and earlier

To check if you're running a vulnerable version of Java:

1. In Control Panel, double-click Programs.
2. If Java is installed you will see it in the list of installed programs. Click it to open the Java Control Panel.
3. On the General tab, click About to see which version of Java you have installed.

You may get an alert about this threat even if you're not using a vulnerable version of Java. This is because we detect when a website tries to use the vulnerability, even if it isn't successful.

Find out ways that malware can get on your PC.

Exploit:HTML/Bankfraud is generic detection for e-mail that contains malicious links or other characteristics indicative of a phishing attack.

Exploit:JS/Mult.AF is a detection for code that exploits a certain vulnerability in Internet Explorer 7 in order to download and run arbitrary files.

 

Files detected as Exploit:JS/Mult.AF may arrive in the system when a user browses certain sites using a vulnerable version of Internet Explorer. When a webpage that includes Exploit:JS/Mult.AF is loaded, the vulnerability in Internet Explorer is exploited.

 

Exploit:JS/Mult.AI is a detection for code that exploits a certain vulnerability in Internet Explorer 7 in order to download and run arbitrary files.

 

Files detected as Exploit:JS/Mult.AI may arrive in the system when a user browses certain sites using a vulnerable version of Internet Explorer. When a webpage that includes Exploit:JS/Mult.AI is loaded, the vulnerability in Internet Explorer is exploited.

 

Windows Defender detects and removes this threat.

Find out ways that malware can get on your PC.  

Exploit:Win32/Pidief.C is a detection for an exploit that targets a Portable Document Format (PDF) vulnerability. The critical vulnerability could result in the installation of additional malware when a malicious PDF document is opened using Adobe Reader version 9, or earlier.

Exploit:JS/CVE-2008-0015 is the detection for code that attempts to exploit a vulnerability in the Microsoft Video ActiveX Control. This vulnerability is discussed in detail in Microsoft Security Advisory (972890). When a user visits a Web page containing an exploit detected as Exploit:JS/CVE-2008-0015, it may connect to a remote server and download other malware. Currently, we are aware of cases where exploits download and execute Worm:Win32/Dogkild.A on the system.

Microsoft security software detects and removes this threat.

It tries to exploit vulnerabilities in Java and Silverlight to download and run other malware.

Read more about how this threat is being used by cybercriminals in this blog post:

Exploit kits remain a cybercrime staple against outdated software – 2016 threat landscape review series

Microsoft security software detects and removes this threat.

This threat can use vulnerabilities in Java and Silverlight to download and run other malware.

See the Exploit:JS/Meadgive description for more information.

Read more about how this threat is being used by cybercriminals in this blog post:

Exploit kits remain a cybercrime staple against outdated software – 2016 threat landscape review series

Find out ways that malware can get on your PC.