Exploit:Java/Blacole.W


Exploit:Java/Blacole.W is the detection for the Java class module included in "worms.jar" that is part of the "Blackhole" exploit pack. The file "worms.jar" is an applet that exploits the vulnerability in Java Runtime Environment described in CVE-2010-0840.



What to do now

To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an appropriate, up-to-date security solution. The following Microsoft products detect and remove this threat:

For more information on antivirus software, see http://www.microsoft.com/windows/antivirus-partners/.

Update vulnerable Java applications

This threat exploits a known vulnerability in Java. After removing this threat, make sure that you install the updates available from the vendor. You can read more about this vulnerability in Java, as well as where to download the software update from the following links:

It may be necessary to remove older versions of Java that are still present. Keeping old and unsupported versions of Java on your system presents a serious security risk. To read more about why you should remove older versions of Java, see the following information.

Threat behavior

Compromised websites usually contain a malicious IFrame that redirects the user to another page that contains the exploit pack. Exploit:Java/Blacole.W only affects computers running vulnerable versions of Java Runtime Environment (JRE).

Exploit:Java/Blacole.W receives a parameter for a URL from which an arbitrary file may be downloaded. The arbitrary file is then run on the computer.

Analysis by Sergey Chernyshev


Symptoms

System changes

The following system changes may indicate the presence of this malware:

  • The presence of the following file in your browser cache:
    worms.jar

Prevention


Alert level: Severe
First detected by definition: 1.115.678.0
Latest detected by definition: 1.115.678.0 and higher
First detected on: Oct 27, 2011
This entry was first published on: Oct 27, 2011
This entry was updated on: Nov 16, 2011

This threat is also detected as:
  • Java.Exploit.CVE-2010-0840.F (BitDefender)
  • Exploit.Java.Blacole (Ikarus)
  • JAVA_BLACOLE.ERC (Trend Micro)