The threat determines what browser, operating system and version you are using.
It checks if you are using the following versions of Windows:
Windows Home Server 2011
Windows Server 2008
Windows Server 2012
If you are using one of these versions, the threat then checks if you have vulnerable versions of Microsoft Silverlight, Adobe Flash Player, or Java.
Exploits vulnerabilities in Microsoft Silverlight
If you're using Internet Explorer, the threat checks if the Microsoft Silverlight plugin is installed and enabled.
It then checks for vulnerabilities by seeing if you have the following versions:
We have seen it exploit the vulnerability referred to as CVE-2013-0074, which we detect as Exploit:MSIL/CVE-2013-0074.
Exploits vulnerabilities in Adobe Flash Player
The threat checks for vulnerabilities in Adobe Flash Player by seeing if you have the following versions:
We have seen it exploit the vulnerability referred to as CVE-2013-0634.
Exploits vulnerabilities in
Java Runtime Environment
The threat checks for vulnerabilities in Java. We have observed it attempting to exploit the vulnerability CVE-2013-2460, which affects Oracle Java SE version 7 update 21 and earlier.
If the threat successfully exploits a vulnerability, it tries to download malware onto your PC. We have observed this threat trying to download PWS:Win32/Zbot.
Earlier versions of this threat may be detected as VirTool:JS/Obfuscator.EM.
This threat is part of the exploit kit called "Angler". See our page on exploits for more information.
Analysis by Methusela Cebrian Ferrer