Microsoft security software detects and removes this threat.

It uses vulnerabilities in recent versions of Microsoft Silverlight, Adobe Flash Player, and Java to install malware on your PC. We have seen it try to install PWS:Win32/Zbot.

You might get this threat if you visit a malicious or hacked website, or by clicking a malicious link in an email.

Find out ways that malware can get on your PC.

What to do now

The following free Microsoft software detects and removes this threat:

Even if we've already detected and removed this particular threat, running a full scan might find other malware that is hiding on your PC.


Update Java, Adobe Flash, and Microsoft Silverlight


Make sure you install all available updates:



You should remove older versions of Java, as keeping old and unsupported versions of Java on your PC is a serious security risk:



If you continue to get alerted about this threat, deleting your temporary Java files can help:



Get more help

You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.

If you’re using Windows XP, see our Windows XP end of support page.

Threat behavior


The threat determines what browser, operating system and version you are using.

It checks if you are using the following versions of Windows:

  • Windows Vista
  • Windows 7
  • Windows 8
  • Windows 8.1
  • Windows Home Server 2011
  • Windows Server 2008
  • Windows Server 2012

If you are using one of these versions, the threat then checks if you have vulnerable versions of Microsoft Silverlight, Adobe Flash Player, or Java.


Exploits vulnerabilities in Microsoft Silverlight

If you're using Internet Explorer, the threat checks if the Microsoft Silverlight plugin is installed and enabled.

It then checks for vulnerabilities by seeing if you have the following versions:

  • 4.0.50401.0
  • 5.0.60818.0
  • 5.1.10411.0

We have seen it exploit the vulnerability referred to as CVE-2013-0074, which we detect as Exploit:MSIL/CVE-2013-0074.

Exploits vulnerabilities in Adobe Flash Player

The threat checks for vulnerabilities in Adobe Flash Player by seeing if you have the following versions:

  • 11.5.502.146

We have seen it exploit the vulnerability referred to as CVE-2013-0634.

Exploits vulnerabilities in Java Runtime Environment

The threat checks for vulnerabilities in Java. We have observed it trying to exploit the vulnerability CVE-2013-2460, which affects Oracle Java SE version 7 update 21 and earlier.

Downloads malware

If the threat successfully exploits a vulnerability, it tries to download malware onto your PC. We have observed this threat trying to download PWS:Win32/Zbot.

Additional information

Earlier versions of this threat might be detected as VirTool:JS/Obfuscator.EM.

This threat is part of the exploit kit called "Angler". See our page on exploits for more information.

Analysis by Methusela Cebrian Ferrer


Alerts from your security software may be the only symptom.


Alert level: Severe
First detected by definition: 1.169.1625.0
Latest detected by definition: 1.191.3953.0 and higher
First detected on: Apr 03, 2014
This entry was first published on: Mar 06, 2014
This entry was updated on: Jun 27, 2014

This threat is also detected as:
  • Angler (other)