Follow:

 

Exploit:JS/DonxRef.C


Microsoft security software detects and removes this threat.

It is a website page that uses vulnerabilities in Adobe Flash Player and Java to install malware on your PC. We have seen it try to download Trojan:Win32/Urelas.A.

You might get this threat if you visit a malicious or hacked website, or by clicking a malicious link in an email.

Find out ways that malware can get on your PC.  



What to do now

The following free Microsoft software detects and removes this threat:

Even if we've already detected and removed this particular threat, running a full scan might find other malware that is hiding on your PC.

You can also visit the Microsoft virus and malware community or our advanced troubleshooting page for more help.

If you’re using Windows XP, see our Windows XP end of support page.

Threat behavior

Installation

This threat uses vulnerabilities in Adobe Flash Player and Java to install malware on your PC. You might encounter it when you visit compromised or malicious websites.

We have seen the threat hosted at 98.126.<removed>.100.

Payload

Exploits vulnerabilities in Adobe Flash Player and Java

It tries to exploit the following vulnerabilities:


Downloads malware

If the threat successfully exploits a vulnerability, it tries to download malware onto your PC. We have seen it try to download Trojan:Win32/Urelas.A.

Additional information

This threat is part of the exploit kit called "Gongda". See our page on exploits for more information.

Analysis by Chun Feng


Symptoms

Alerts from your security software may be the only symptom.


Prevention


Alert level: Severe
First detected by definition: 1.163.720.0
Latest detected by definition: 1.163.720.0 and higher
First detected on: Nov 27, 2013
This entry was first published on: Apr 11, 2014
This entry was updated on: Apr 11, 2014

This threat is also detected as:
  • Gongda (other)