is the detection for the Java class module included in "worms.jar" that is part of the "Blackhole" exploit pack. The file "worms.jar" is an applet that exploits the vulnerability in Java Runtime Environment described in CVE-2010-0840.
Compromised websites usually contain a malicious IFrame that redirects the user to another page that contains the exploit pack. Exploit:Java/Blacole.W only affects computers running vulnerable versions of Java Runtime Environment (JRE).
receives a paramater for a URL from which an arbitary file may be downloaded. The arbitrary file is then run in the computer.
Analysis by Sergey Chernyshev
The following system changes may indicate the presence of this malware:
- The presence of the following file in your browser cache: