Microsoft Security Intelligence
500 entries found. Displaying page 1 of 25.
Updated on Apr 11, 2011
TrojanDownloader:HTML/Iframe.F is the detection for HTML files that are loaded when a user visits certain websites. These may be found in webpages from servers that have been compromised by SQL injection attacks.
Alert level: severe
Updated on Apr 11, 2011
Exploit:Java/CVE-2010-0094.CK is the detection for a malicious Java applet stored within a Java Archive (.JAR) that attempts to exploit a vulnerability in the Java Runtime Environment (JRE) up to and including version 6 update 18. The vulnerability allows an unsigned Java applet to gain elevated privileges and potentially have unrestricted access to a host system, outside its "sandbox" environment.
 
The vulnerability exploits a flaw in the deserialization of "RMIConnectionImpl" objects, which allows remote attackers to call, without proper sandboxing, system level Java functions via the ClassLoader of a constructor that is being deserialized.
Alert level: severe
Updated on Jun 03, 2011
Exploit:Java/CVE-2010-0840.CL is a detection for a malicious and obfuscated Java class that exploits the vulnerability described in CVE-2010-0840. Successful exploitation leads to remote code execution.
Alert level: severe
Updated on Jun 08, 2011

Exploit:JS/Pdfjsc.OD is the detection for specially-crafted PDF files that attempt to exploit a software vulnerability in Adobe Acrobat and Adobe Reader.

The vulnerability it attempts to exploit is discussed in the following articles:

Alert level: severe
Updated on Jun 09, 2011

Exploit:HTML/CookieJack.A is a generic detection for specially-crafted HTML files that attempt to access local cookie files by exploiting a vulnerability in Internet Explorer 6 and above.

Alert level: severe
Updated on May 04, 2011
Exploit:Win32/CVE-2011-0978 is a detection for malware that attempts to exploit a vulnerability in Microsoft Excel that is discussed in CVE-2011-0978. Successful exploitation of this vulnerability could result in execution of arbitrary code.
Alert level: severe
Updated on Apr 11, 2011
Exploit:JS/ShellCode.Z is a generic detection for JavaScript objects that construct shellcode. These scripts may be embedded within other document files such as specially-crafted .PDF files, for example.
 
This detection also includes malicious JavaScript that attempts to exploit an uninitialized memory corruption vulnerability (CVE-2010-0806) that allows the execution of arbitrary code. Microsoft released Microsoft Security Bulletin MS10-018 to mitigate this vulnerability.
Alert level: severe
Updated on Apr 11, 2011
Exploit:Java/CVE-2008-5353.JJ is based on a vulnerability which affects the Java Virtual Machine (JVM) up to and including version 6 update 10. The vulnerability allows an unsigned Java applet to gain elevated privileges and potentially have unrestricted access to a host system, outside its "sandbox" environment.
Alert level: severe
Updated on Apr 11, 2011
Exploit:Java/CVE-2009-3867.GM is the detection for a malicious Java applet that exploits the vulnerability described in CVE-2009-3867. When a user visits a website that contains the applet using a computer that has a vulnerable version of Sun Java, security checks may be bypassed, allowing arbitrary code to be run.
Alert level: severe
Updated on Apr 11, 2011
Exploit:Java/CVE-2010-0840.AJ is a detection for a malicious and encrypted Java class that exploits the vulnerability described in CVE-2010-0840. Successful exploitation leads to remote code execution.
Alert level: severe
Updated on Apr 11, 2011
Exploit:Win32/CVE-2011-0096 is a generic detection for specially-crafted HTML files that attempt to exploit the vulnerability described in the following pages:
 
Alert level: severe
Updated on Apr 11, 2011
Exploit:Win32/RdrJmp.A exploits unpatched Adobe Reader & Adobe Acrobat applications installed on Windows XP computers. Opening a malicious .PDF data file containing the exploit could result in the installation of additional malware, including TrojanSpy:Win32/Agent.BI, Trojan:Win32/Agent.OS and PWS:Win32/Ldpinch.W.
 
Microsoft has published Microsoft Security Advisory 943521 related to this threat:
 
Adobe has published updates for vulnerable applications:
http://www.adobe.com/support/security/bulletins/apsb07-18.html
Alert level: severe
Updated on Apr 11, 2011
Exploit:Win32/Pidief.B is a detection for an exploit that targets a Portable Document Format (PDF) vulnerability. The critical vulnerability could result in the installation of additional malware when a malicious PDF document is opened using Adobe Reader version 9 or earlier.
Alert level: severe
Updated on Apr 11, 2011
Exploit:JS/Pdfcmi.C is a detection for specially crafted JavaScript code, embedded in a malformed Portable Document Format (PDF) file, that attempts to exploit a buffer overflow vulnerability (CVE-2007-5659) in Adobe Reader version 8.1.1 and earlier.
Alert level: severe
Updated on Apr 11, 2011
Exploit:JS/Mult.BB is a detection for obfuscated shellcode embedded in a JavaScript file. It may be embedded in Web pages or PDF files. It attempts to exploit various vulnerabilities, for example, certain ones in Adobe Acrobat/Reader or those resolved by the Microsoft MS06-057 and MS06-014 security updates.
 
Files detected as Exploit:JS/Mult.BB may perform any number of malicious actions, such as downloading other malware.
Alert level: severe
Updated on Apr 11, 2011
Exploit:JS/Pdfupf.A is a detection for JavaScript code that tries to exploit a vulnerability in Adobe Acrobat and Adobe Reader.
Alert level: severe
Updated on Mar 20, 2014

Windows Defender detects and removes this threat.

This threat is on a website that downloads malware onto your PC. You might be redirected to this website when you visit a hacked webpage.

It tries to use vulnerabilities in your software to infect your PC.

You may get an alert about this threat even if you're not using a vulnerable version of Java. This is because we detect when a website tries to use the vulnerability, even if it isn't successful.

See our page about exploits and learn how to update common software.

Alert level: severe
Updated on Jul 11, 2014

Windows Defender detects and removes this threat.

This threat is on a website that downloads malware onto your PC. You might be redirected to this website when you visit a hacked webpage.

It tries to use vulnerabilities in your software to infect your PC.

You might get an alert about this threat even if you're not using a vulnerable version of Java. This is because we detect when a website tries to use the vulnerability, even if it isn't successful.

See our page about exploits and learn how to update common software.

Find out ways that malware can get on your PC.

Alert level: severe
Updated on Aug 21, 2014

Windows Defender detects and removes this threat.

This threat uses a vulnerability in your software to download other malware.

It runs when you visit a hacked website and you have a vulnerable version of Java installed on your PC. A number of legitimate websites could be hacked or unwillingly host this threat.

The following versions of Java are vulnerable:

  • Oracle Java SE and Java for Business 6 Update 18 and earlier

To check if you're running a vulnerable version of Java:

  1. Go to the Control Panel (select Start, then Control Panel).
  2. Select Programs. If Java is installed you will see it in the list of installed programs. Click it to open the Java Control Panel.
  3. On the General tab, click About to see which version of Java you have installed.

You might get a detection for this threat if you visit a website that has the malicious code, even if you're not using a vulnerable version of Java. This doesn't mean that you have been hacked; it means someone has tried to hack into your PC.

The vulnerability that this threat exploits is described in CVE-2010-0840.

Find out ways that malware can get on your PC.

Alert level: severe
Updated on May 14, 2012

Java/Blacole.EY is a detection for a component of the Blackhole exploit kit - a kit used by attackers to distribute malware. Attackers install the kit onto a server, and then when you visit the compromised server, the kit attempts to exploit multiple vulnerabilities on your computer in order to install malware. For example, if you browsed a compromised website containing the exploit pack using a vulnerable computer, malware could be downloaded and installed onto your computer.

Typically, the Blackhole exploit kit attempts to exploit vulnerabilities in applications such as Oracle Java, Sun Java, Adobe Acrobat and Adobe Reader.

For more information on this exploit kit, and steps you can take to avoid being compromised, please see the detailed Blacole description, elsewhere in our encyclopedia.

Alert level: severe