Windows Defender detects and removes this threat.

This threat uses a Java vulnerability to download and run files on your PC, including other malware.

It runs when you visit a hacked or malicious website and you have a vulnerable version of Java.

The following versions of Java are vulnerable:

• Java Development Kit, Java Runtime Environment 7 Update 11 and earlier

To check if you're running a vulnerable version of Java:

1. Go to the control panel (Select Start then Control Panel)
2. Select Programs. If Java is installed you will see it in the list of installed programs. Click it to open the Java Control Panel.
3. On the General tab, click About to see which version of Java you have installed.

You might get an alert about this threat even if you're not using a vulnerable version of Java. This is because we detect when a website tries to use the vulnerability, even if it isn't successful.

Exploit:Win32/Anicmoo.A is generic detection for exploit of a vulnerability in the way certain un-patched versions of Microsoft Windows handle animated cursor (.ani) files. Exploit could allow an attacker to remotely execute arbitrary code on impacted systems. Further details on the vulnerability are found in Microsoft Security Advisory (935423).

Exploit:Win32/Siveras.A is detection for specific known malware used to exploit a vulnerability in the Domain Name System (DNS) Server Service. This vulnerability impacts Microsoft Windows 2000 Server Service Pack 4, Windows Server 2003 Service Pack 1, and Windows Server 2003 Service Pack 2. For vulnerability details, workarounds, and patch information, please refer to the Microsoft Security Advisory (935964).

Trojan:JS/Psyme.AD exploits publicly published vulnerabilities via the Web browser Internet Explorer to execute malicious JavaScript. This malicious JavaScript is commonly used to download and execute other malware onto the system. 

Exploit:JS/Mult.K is detection for a JavaScript trojan that runs multiple vulnerability exploitations in order to download, execute or otherwise run arbitrary code. The malicious JavaScript trojan may be hosted on compromised Web sites.

Exploit:Win32/Exrec.gen is a generic detection of malicious code that attempts to exploit a vulnerability in Microsoft Office Excel.

Trojan:JS/Redirector.L is detection for specific JavaScript contained within Web pages. This JavaScript trojan may be injected into an HTML page via an SQL injection attack, or may be present on a malicious Web site, and may redirect users to Web sites other than expected. It is also possible for an attacker to craft HTML-based e-mail messages containing the script.

Exploit:JS/Mult.AG is a detection for malicious shellcode that attempts to exploit certain vulnerabilities in order to download and run arbitrary files. The shellcode is obfuscated.

 

Some files detected as Exploit:JS/Mult.AG may arrive in the system when a user browses certain sites using a vulnerable version of Internet Explorer. When a webpage that includes Exploit:JS/Mult.AG is loaded, the shellcode is executed in the system.

 

This is the case for files detected as Exploit:JS/Mult.AG that may be associated with a vulnerability in Internet Explorer as discussed in Microsoft Security Advisory (961051). Users are advised to refer to these resources for more information.

 

Exploit:JS/Mult.BF is a detection for malicious shellcode that attempts to exploit certain vulnerabilities in order to download and run arbitrary files. The shellcode is obfuscated.

 

Some files detected as Exploit:JS/Mult.BF may arrive in the system when a user browses certain sites using a vulnerable version of Internet Explorer. When a webpage that includes Exploit:JS/Mult.BF is loaded, the shellcode is executed in the system.

 

In the wild, this exploit may download a trojan detected as TrojanDropper:Win32/Letrofen.A in systems that do not have the Microsoft Security Bulletin MS09-002 update installed.

Exploit:Win32/Evenex.gen is a generic detection for malware, which exploit a vulnerability in a specially crafted Excel document that may corrupt system memory allowing the attacker to execute arbitrary code.
Microsoft has published Microsoft Security Advisory 968272 related to this threat:

Exploit:Win32/Pdfjsc.AS is a detection for specially-crafted PDF files that attempt to exploit software vulnerabilities in Adobe Acrobat and Adobe Reader. It usually arrives in the system when the user visits a Web page that contains a malicious PDF file or opens an e-mail message containing the PDF file as an attachment.

Exploit:JS/CVE-2008-0015 is the detection for code that attempts to exploit a vulnerability in the Microsoft Video ActiveX Control. This vulnerability is discussed in detail in Microsoft Security Advisory (972890). When a user visits a Web page containing an exploit detected as Exploit:JS/CVE-2008-0015, it may connect to a remote server and download other malware. Currently, we are aware of cases where exploits download and execute Worm:Win32/Dogkild.A on the system.

Exploit:JS/Twooken.A is the detection for a script that exploits a cross-site scripting vulnerability in the website of the Twitter service "twitter.com".

This is a detection for a malicious JavaScript that attempts to exploit a vulnerability in the web browser Firefox versions 3.6.8, 3.6.9, 3.6.10 and 3.6.11. The exploit could download and execute arbitrary code. In the wild, this exploit is known to download and execute Backdoor:Win32/Belmoo.A.

This is a detection for a malicious JavaScript that attempts to exploit a vulnerability in the web browser Firefox versions 3.6.8, 3.6.9, 3.6.10 and 3.6.11 as discussed in CVE-2010-3765. The exploit could download and execute arbitrary code. In the wild, this exploit is known to download and execute Backdoor:Win32/Belmoo.A.

Exploit:Win32/ShellCode.gen!D is a generic detection for files that contain a malicious shellcode.