Blacole
Windows Defender detects and removes this family of threats.
You should also update your software to be fully protected.
The Blacole exploit pack tries to infect your PC with other malware, such as trojans and viruses. It also known as "Blackhole".
See our page about exploits and learn how to update common software.
When you visit a malicious or compromised website, Blacole scans your PC for vulnerabilities or weaknesses in your software.
You might visit the website from a link or attachment in an email, or from a previously safe website that has been hacked.
The threat uses those vulnerabilities it has found on your PC to download malware onto your PC:
Typically, the Blacole exploit kit attempts to exploit vulnerabilities in applications such as Oracle Java, Sun Java, Adobe Acrobat and Adobe Reader.
Exploit:JS/Sevdaq
Windows Defender detects and removes this threat.
This threat uses a JavaScript vulnerability to check your PC for security software. It then looks for certain information about your computer that might be used in a future attack. It uses the vulnerability described in CVE-2013-7331 to exploit your PC.
It runs when you visit a hacked or malicious website and you have a vulnerable version of Internet Explorer.
You might get an alert about this threat even if you're not using vulnerable software. This is because we detect when a website tries to use the vulnerability, even if it isn't successful.
Exploit:JS/Mult.DY
Exploit:JS/Mult.DY is the detection for infected webpages containing an IFrame that redirects users to a malicious website. The compromised webpages are usually found in websites running a vulnerable version of the osCommerce v2.2 software.
Exploit:SWF/Heapspray.gen!A
Exploit:SWF/Heapspray.gen!A is the generic detection for exploits affecting the Adobe Flash Player virtual machine, which use heap-spraying techniques in order to execute exploit code.
This detection may occur when you browse a webpage containing the malicious code.
Exploit:Java/CVE-2009-3869.R
Exploit:Java/CVE-2009-3869.R is the detection for malicious Java applets that exploits a stack overflow vulnerability in the Java Runtime Environment (JRE) versions 5 and 6 and described in CVE-2009-3869.
Exploit:Java/CVE-2012-1723.AKM
Exploit:Java/CVE-2012-1723.AKM is a malicious Java applet that attempts to exploit a vulnerability (CVE-2012-1723) in the Java Runtime Environment (JRE) in order to download and install files of an attacker’s choice onto your computer.
If you visit a website containing the malicious code while using a vulnerable version of Java, the exploit is loaded. It then attempts to download and execute files from a remote host/URL; the files that are downloaded and executed could include additional malware.
The following versions of Java are vulnerable to this exploit:
- JDK and JRE 7 Update 4 and earlier Java SE
- JDK and JRE 6 Update 32 and earlier Java SE
- JDK and JRE 5.0 Update 35 and earlier Java SE
- SDK and JRE 1.4.2_37 and earlier Java SE
Exploit:Java/CVE-2012-1723.ED
Exploit:Java/CVE-2012-1723.ED is a malicious Java applet that attempts to exploit a vulnerability (CVE-2012-1723) in the Java Runtime Environment (JRE) in order to download and install files of an attacker’s choice onto your computer.
If you visit a website containing the malicious code while using a vulnerable version of Java, the exploit is loaded. It then attempts to download and execute files from a remote host/URL; the files that are downloaded and executed could include additional malware.
The following versions of Java are vulnerable to this exploit:
- JDK and JRE 7 Update 4 and earlier Java SE
- JDK and JRE 6 Update 32 and earlier Java SE
- JDK and JRE 5.0 Update 35 and earlier Java SE
- SDK and JRE 1.4.2_37 and earlier Java SE
Exploit:Java/CVE-2012-0507.ZN
Exploit:Java/CVE-2012-0507.ZN is a malicious Java applet that attempts to exploit a vulnerability (CVE-2012-0507) in the Java Runtime Environment (JRE) in order to download and install files of an attacker’s choice onto your computer.
If you visit a website containing the malicious code while using a vulnerable version of Java, the exploit is loaded. It then attempts to download and execute files from a remote host/URL; the files that are downloaded and executed could include additional malware.
The following versions of Java are vulnerable to this exploit:
- JDK and JRE 7 Update 2 and earlier Java SE
- JDK and JRE 6 Update 30 and earlier Java SE
- JDK and JRE 5.0 Update 33 and earlier Java SE
- SDK and JRE 1.4.2_35 and earlier Java SE
- JavaFX 2.0.2 and earlier JavaFX
Exploit:HTML/IframeRef.AA
Windows Defender detects and removes this threat.
It is a hidden part of a webpage or email that directs your browser to a website that contains malicious content. This content could download malware onto your PC.
Exploit:Win32/Wordjmp.gen
Exploit:HTML/CVE-2014-1776
Windows Defender detects and removes this threat.
This threat uses a vulnerability in Internet Explorer 6 through to Internet Explorer 11 to download and run files on your PC, including other malware.
The vulnerability is addressed in Microsoft Security Bulletin MS14-021. It is also described in detail in Microsoft Security Advisory 2963983.
It runs when you visit a hacked or malicious website and you have a vulnerable version of Internet Explorer.
Exploit:SWF/Dlcypt.A
Windows Defender detects this threat.
It is an Adobe Shockwave Flash (.SWF) file that may be used by attackers to decrypt and execute encrypted JavaScript files. You might get it from certain malicious websites.
Exploit:JS/Axpergle.J
Microsoft security software detects and removes this threat.
It uses vulnerabilities in recent versions of Internet Explorer, Microsoft Silverlight, Adobe Flash Player, and Java to install malware on your PC. We have seen it try to install Trojan:Win32/Reveton.
You might get this threat if you visit a malicious or hacked website, or by clicking a malicious link in an email.
To learn more about how this threat is being used by cybercriminals,
Exploit:JS/Coolex.D
Windows Defender detects and removes this threat.
Exploit:JS/Coolex.D is script contained within an exploit pack known as the "Cool exploit kit". It can install arbitrary malware on your computer through exploiting software vulnerabilities in Java version 7, update 17 and earlier.
As the Cool exploit kit and the Blacole exploit kit share malicious web page patterns and exploits, in some instances you might see Exploit:JS/Blacole detected on your computer alongside Exploit:JS/Coolex.D.
Exploit:Java/CVE-2010-0840.OG
Exploit:Win32/Anogre.A
Windows Defender Antivirus detects and removes this threat.
This malicious file exploits a vulnerability in Windows (outlined in CVE-2011-3402). This vulnerability can allow a hacker to install programs, view, change, or delete data or create new accounts with full administrative privileges.
If you visit a website containing the malicious code while using a vulnerable version of Windows, an attempt to load Exploit:Win32/Anogre will be made.
Exploit:Win32/Pdfjsc.RM
Exploit:Win32/Pdfjsc.RM is a detection for a PDF file that contains an obfuscated malicious JavaScript that attempts to contact remote hosts in order to download arbitrary files.