Microsoft Security Intelligence
500 entries found. Displaying page 1 of 25.
Updated on Apr 11, 2011
TrojanDownloader:HTML/Iframe.F is the detection for HTML files that are loaded when a user visits certain websites. These may be found in webpages from servers that have been compromised by SQL injection attacks.
Alert level: severe
Updated on Apr 11, 2011
Exploit:Win32/RdrJmp.A exploits unpatched Adobe Reader & Adobe Acrobat applications installed on Windows XP computers. Opening a malicious .PDF data file containing the exploit could result in the installation of additional malware, including TrojanSpy:Win32/Agent.BI, Trojan:Win32/Agent.OS and PWS:Win32/Ldpinch.W.
 
Microsoft has published Microsoft Security Advisory 943521 related to this threat:
 
Adobe has published updates for vulnerable applications:
http://www.adobe.com/support/security/bulletins/apsb07-18.html
Alert level: severe
Updated on Apr 11, 2011
Exploit:Win32/Pidief.B is a detection for an exploit that targets a Portable Document Format (PDF) vulnerability. The critical vulnerability could result in the installation of additional malware when a malicious PDF document is opened using Adobe Reader version 9, or earlier.
Alert level: severe
Updated on Apr 11, 2011
Exploit:JS/Pdfcmi.C is a detection for specially crafted JavaScript code, embedded in a malformed Portable Document Format (PDF) file, that attempts to exploit a buffer overflow vulnerability (CVE-2007-5659) in Adobe Reader version 8.1.1 and earlier.
Alert level: severe
Updated on Apr 11, 2011
Exploit:JS/Mult.BB is a detection for obfuscated shellcode embedded in a JavaScript file. It may be embedded in web pages or PDF files. It attempts to exploit various vulnerabilities, for example, certain ones in Adobe Acrobat/Reader or those resolved by the Microsoft MS06-057 and MS06-014 security updates.
 
Files detected as Exploit:JS/Mult.BB may perform any number of malicious actions, such as downloading other malware.
Alert level: severe
Updated on Apr 11, 2011
Exploit:JS/Pdfupf.A is a detection for JavaScript code that tries to exploit a vulnerability in Adobe Acrobat and Adobe Reader.
Alert level: severe
Updated on May 12, 2022
Alert level: severe
Updated on May 17, 2010
Exploit:HTML/CodeBaseExec.gen!B is a generic detection for HTML files that attempt to download and run arbitrary files on the affected system.
Alert level: severe
Updated on May 21, 2010
Exploit:HTML/Expascii.gen is Microsoft's generic detection for malicious web pages that contain code that exploits a vulnerability in the way that ASCII characters are interpreted in Internet Explorer. The vulnerability is tracked as CVE-2006-3227.
Alert level: severe
Updated on Jan 28, 2013

Exploit:Win32/Pdfjsc.AFE is a malicious PDF file that exploits a vulnerability in Adobe Acrobat and Adobe Reader.

The vulnerabilities, discussed in CVE-2010-0188, allow this malware to download and run arbitrary files.

The following versions of Adobe Acrobat and Adobe Reader are vulnerable to this exploit:

  • Adobe Acrobat and Adobe Reader earlier than 8.2.1
  • Adobe Acrobat and Adobe Reader earlier than 9.3.1

Install updates to prevent infection

This malware exploits known vulnerabilities.

You should always install the latest updates available from the software vendor to prevent reinfection from this threat, and possible infection from other threats.

Download updates for Adobe products from the following link:

Alert level: severe
Updated on Feb 04, 2013

Exploit:Java/CVE-2013-0422.B is a variant of the Exploit:Java/CVE-2013-0422 family of exploits: malicious Java applets that attempt to exploit a vulnerability (CVE-2013-0422) in the Java Runtime Environment (JRE) in order to download and install files of an attacker’s choice onto your computer.

If you visit a website containing the malicious code while using a vulnerable version of Java, the exploit is loaded. Note, however, that a number of legitimate websites could be compromised or unwillingly host a malicious applet through advertising frames which could redirect to or host a malicious Java applet.

Update vulnerable Java applications

This threat exploits a known vulnerability in Java. After removing this threat, make sure that you install the updates available from the vendor. You can read more about this vulnerability in Java, as well as where to download the software update from the following links:

It may be necessary to remove older versions of Java that are still present. Keeping old and unsupported versions of Java on your system presents a serious security risk. To read more about why you should remove older versions of Java, see the following information.

Alert level: severe
Updated on Feb 05, 2013

Exploit:Win32/Pdfjsc.AGC is a malicious PDF file that exploits a vulnerability in Adobe Acrobat and Adobe Reader.

The vulnerabilities, discussed in CVE-2010-0188, allow this malware to download and run arbitrary files.

The following versions of Adobe Acrobat and Adobe Reader are vulnerable to this exploit:

  • Adobe Acrobat and Adobe Reader earlier than 8.2.1
  • Adobe Acrobat and Adobe Reader earlier than 9.3.1

Install updates to prevent infection

This malware exploits known vulnerabilities.

You should always install the latest updates available from the software vendor to prevent reinfection from this threat, and possible infection from other threats.

Download updates for Adobe products from the following link:

Alert level: severe
Updated on Aug 21, 2014

Windows Defender detects and removes this threat.

This threat uses a vulnerability in your software to download other malware.

It runs when you visit a hacked website and you have a vulnerable version of Java installed on your PC. A number of legitimate websites could be hacked or unwillingly host this threat.

The following versions of Java are vulnerable:

  • Oracle Java SE and Java for Business 6 Update 18 and earlier

To check if you're running a vulnerable version of Java:

  1. Go to Control Panel (select Start, then Control Panel).
  2. Select Programs. If Java is installed you will see it in the list of installed programs. Click it to open the Java Control Panel.
  3. On the General tab, click About to see which version of Java you have installed.

You might get a detection for this threat if you visit a website that has the malicious code, even if you're not using a vulnerable version of Java. This doesn't mean that you have been hacked; it means someone has tried to hack into your PC.

The vulnerability that this threat exploits is described in CVE-2010-0840.

Find out ways that malware can get on your PC.

Alert level: severe
Updated on Mar 20, 2014

Windows Defender detects and removes this threat.

This threat is on a website that downloads malware onto your PC. You might be redirected to this website when you visit a hacked webpage.

It tries to use vulnerabilities in your software to infect your PC.

You may get an alert about this threat even if you're not using a vulnerable version of Java. This is because we detect when a website tries to use the vulnerability, even if it isn't successful.

See our page about exploits and learn how to update common software.

Alert level: severe
Updated on Jul 11, 2014

Windows Defender detects and removes this threat.

This threat is on a website that downloads malware onto your PC. You might be redirected to this website when you visit a hacked webpage.

It tries to use vulnerabilities in your software to infect your PC.

You might get an alert about this threat even if you're not using a vulnerable version of Java. This is because we detect when a website tries to use the vulnerability, even if it isn't successful.

See our page about exploits and learn how to update common software.

Find out ways that malware can get on your PC.

Alert level: severe
Updated on Apr 11, 2011
Exploit:JS/Elecom.D is a detection for shellcode used to exploit a vulnerability in Internet Explorer that may allow arbitrary code execution without a user's permission.
 
For more information on the vulnerability, please see the following advisories:
Alert level: severe
Updated on Sep 20, 2015

Windows Defender detects and removes this threat.

This threat uses a Java vulnerability (CVE-2013-1493) to download and run files on your PC, including other malware.

It runs when you visit a hacked or malicious website and you have a vulnerable version of Java.

The following versions of Java are vulnerable:

  • Oracle Java JDK and JRE 7 Update 15 and earlier
  • Oracle Java JDK and JRE 6 Update 41 and earlier
  • Oracle Java JDK and JRE 5 Update 40 and earlier

To check if you're running a vulnerable version of Java:

  1. In Control Panel, double-click Programs.
  2. If Java is installed you will see it in the list of installed programs. Click it to open the Java Control Panel.
  3. On the General tab, click About to see which version of Java you have installed.

You might get an alert about this threat even if you're not using a vulnerable version of Java. This is because we detect when a website tries to use the vulnerability, even if it isn't successful. This doesn't mean that you have been hacked; it means someone has tried to hack into your PC.

Find out ways that malware can get on your PC.

Alert level: severe
Updated on Feb 21, 2016

Windows Defender detects and removes this threat.

This is a generic detection for specially formed IFrame tags pointing to webpages that have malicious content.

Find out ways that malware can get on your PC.

Alert level: severe
Updated on Jan 24, 2017

Microsoft security software detects and removes this threat.

More details are available in the JS/Axpergle family description.

To learn more about how this threat is being used by cybercriminals, read: Exploit kits remain a cybercrime staple against outdated software – 2016 threat landscape review series

Alert level: severe
Updated on Jan 24, 2017

Microsoft security software detects and removes this threat.

More details are available in the JS/Axpergle family description.

To learn more about how this threat is being used by cybercriminals, read: Exploit kits remain a cybercrime staple against outdated software – 2016 threat landscape review series

Find out ways that malware can get on your PC.

Alert level: severe