Trojan:JS/Proxas.A is a detection for JavaScript-enabled objects that exhibit malware behavior. Malicious Web sites and PDF documents may contain such JavaScript code that attempts to execute code without the user's knowledge. An example of other malware that may execute this JavaScript is Exploit:Win32/Pdfjsc.D.

Exploit:JS/CVE-2008-0015 is the detection for code that attempts to exploit a vulnerability in the Microsoft Video ActiveX Control. This vulnerability is discussed in detail in Microsoft Security Advisory (972890). When a user visits a Web page containing an exploit detected as Exploit:JS/CVE-2008-0015, it may connect to a remote server and download other malware. Currently, we are aware of cases where exploits download and execute Worm:Win32/Dogkild.A on the system.

Exploit:JS/Sakra.A is file that is part of the Sakura exploit kit. This kit is used to infect your computer with different malware. It acts as a malware distributing platform by compromising websites; if you visit those websites, your computer may become infected with malware. It exploits vulnerabilities in different software to maximize the possibility of infection.

Java/Blacole.GN is a detection for a component of the Blackhole exploit kit - a kit used by attackers to distribute malware. Attackers install the kit onto a server, and then when you visit the compromised server, the kit attempts to exploit various, multiple vulnerabilities on your computer in order to install malware. For example, if you browsed a compromised website containing the exploit pack using a vulnerable computer, malware could be downloaded and installed onto your computer.

Typically, the Blackhole exploit kit attempts to exploit vulnerabilities in applications such as Oracle Java, Sun Java, Adobe Acrobat and Adobe Reader.

For more information on this exploit kit, and steps you can take to avoid being compromised, please see the detailed Blacole description, elsewhere in our encyclopedia.

Exploit:Java/CVE-2012-0507.ANG is a malicious Java applet that attempts to exploit a vulnerability (CVE-2012-0507) in the Java Runtime Environment (JRE) in order to download and install files of an attacker’s choice onto your computer.

If you visit a website containing the malicious code while using a vulnerable version of Java, the exploit is loaded. It then attempts to download and execute files from a remote host/URL; the files that are downloaded and executed could include additional malware.

The following versions of Java are vulnerable to this exploit:

• JDK and JRE 7 Update 2 and earlier Java SE
• JDK and JRE 6 Update 30 and earlier Java SE
• JDK and JRE 5.0 Update 33 and earlier Java SE
• SDK and JRE 1.4.2_35 and earlier Java SE
• JavaFX 2.0.2 and earlier JavaFX

Exploit:Java/Blacole.D is a Java Class module that is included in a JAR file. It is part of the 'Blackhole' exploit kit, described in CVE-2010-0840.

Exploit:Java/Blacole.W is the detection for the Java class module included in "worms.jar" that is part of the "Blackhole" exploit pack. The file "worms.jar" is an applet that exploits the vulnerability in Java Runtime Environment described in CVE-2010-0840.

Exploit:Java/CVE-2011-3544.A is a malicious Java applet stored within a Java Archive (.JAR) file. It attempts to exploit a vulnerability in the Java Runtime Environment (JRE) component in Oracle JAVA SE JDK and JRE 7, 6 Update 27 and earlier. The vulnerability allows an unsigned Java applet to gain elevated privileges and potentially have unrestricted access to run arbitrary Java code outside of the "sandbox" environment.

More information about the vulnerability is available in the following articles:

• CVE-2011-3544
• Oracle Java SE Critical Patch Update Advisory - October 2011

Exploit:JS/Blacole.AD is a malicious JavaScript that attempts to exploit several vulnerabilities in Adobe Acrobat and Reader. If the exploit is successful in compromising a vulnerable host, it could result in downloading and executing other malware. Exploit:JS/Blacole.AD is a component of an exploit kit that is distributed as the "Blackhole exploit pack".

Exploit:SWF/CVE-2011-2110.A is a detection for specially-crafted Shockwave Flash (.SWF) files that attempt to exploit software vulnerabilities in Adobe Flash Player and Adobe Reader and Acrobat X.

Windows Defender detects and removes this threat.

This threat loads a malicious Adobe Flash object in your browser in order to download malware, including ransomware such as Ransom:Win32/Cerber.

You might be redirected to the web page that loads the object without your consent.

The malicious Adobe Flash object exploits the vulnerability described in CVE-2015-8651 and Adobe Security Bulletin APSB16-01.

Note that you might get an alert about this threat even if you're not using a vulnerable version of the application. This is because we detect when a website or file tries to use the vulnerability, even if it isn't successful.

Read more about how this threat is being used by cybercriminals in this blog post:

• Exploit kits remain a cybercrime staple against outdated software – 2016 threat landscape review series
• Ransomware: a declining nuisance or an evolving menace?
• No slowdown in Cerber ransomware activity as 2016 draws to a close

 

Exploit:Java/CVE-2010-0840.DJ is a detection for an obfuscated malicious Java class applet component that exploits the vulnerability described in CVE-2010-0840. Successful exploitation leads to remote code execution.

Exploit:HTML/IframeRef.V is a detection for specially-formed IFrame tags that point to remote websites containing malicious content, for example malicious JavaScript containing an exploit for a specific vulnerability.

Exploit:HTML/Bankfraud is generic detection for e-mail that contains malicious links or other characteristics indicative of a phishing attack.

Exploit:JS/Mult.AF is a detection for code that exploits a certain vulnerability in Internet Explorer 7 in order to download and run arbitrary files.

 

Files detected as Exploit:JS/Mult.AF may arrive in the system when a user browses certain sites using a vulnerable version of Internet Explorer. When a webpage that includes Exploit:JS/Mult.AF is loaded, the vulnerability in Internet Explorer is exploited.

 

Exploit:JS/Mult.AI is a detection for code that exploits a certain vulnerability in Internet Explorer 7 in order to download and run arbitrary files.

 

Files detected as Exploit:JS/Mult.AI may arrive in the system when a user browses certain sites using a vulnerable version of Internet Explorer. When a webpage that includes Exploit:JS/Mult.AI is loaded, the vulnerability in Internet Explorer is exploited.