Exploit:Win32/Pdfjsc.NJ is the detection for a PDF file that contains an obfuscated JavaScript. This JavaScript exploits certain vulnerabilities, such as CVE-2010-0188, in Adobe Acrobat and Adobe Reader, allowing it to download arbitrary files into the affected computer.

Exploit:JS/CVE-2010-0806.gen!A is the generic detection for specially crafted JavaScript that attempts to exploit the vulnerability in Internet Explorer resolved with the release of Microsoft Security Bulletin MS10-018.

Exploit:Win32/Pdfjsc.OL is the detection for malicious Portable Document Format (PDF) files that contain an obfuscated JavaScript. These files exploit a vulnerability in Adobe Acrobat and Adobe Reader that allows it to download and execute arbitrary files. The vulnerability is discussed in the following links:

• CVE-2010-0188
• APSB10-07

TrojanDownloader:Java/OpenStream.AQ is a Java applet trojan that can be distributed inside a Java .jar package that varies in size. It is a variation of Exploit:Java/CVE-2010-0840.W and exploits the vulnerability described in CVE-2010-0840.

Exploit:Java/CVE-2010-0842.N is a detection for a malicious Java class that exploits a vulnerability discussed in CVE-2010-0842. Successful exploitation could lead to the execution of arbitrary code.

Exploit:JS/Blacole.AR is the detection for malicious JavaScript that loads a series of other exploits that are distributed as components of the "Blackhole kit". If the computer runs a vulnerable version of certain software and exploitation is successful, various malware may be downloaded.

Exploit:JS/Blacole.DC is a variant of JS/Blacole, JavaScript malware that consists of several exploits and is created by the "Blackhole" exploit kit.

TrojanDownloader:Java/OpenConnection.PM is an obfuscated Java applet that attempts to download and execute arbitrary files from a remote host. It is usually bundled with other malware that exploits the vulnerability described in CVE-2010-0840.

The vulnerability allows this malware to download and run arbitrary files. The trojan may also be encountered when visiting a compromised or malicious webpage with a vulnerable computer.

The following versions of Java are vulnerable to this exploit:

• JDK and JRE 6 Update 18 and earlier for Windows, Solaris and Linux; Java SE
• JDK 5.0 Update 23 and earlier for Solaris; Java SE
• SDK 1.4.2_25 and earlier for Solaris; Java SE
• JDK and JRE 6 Update 18 and earlier for Windows, Solaris and Linux; Java for Business
• JDK and JRE 5.0 Update 23 and earlier for Windows, Solaris and Linux; Java for Business
• SDK and JRE 1.4.2_25 and earlier for Windows, Solaris and Linux; Java for Business

Install updates to prevent infection

This malware exploits known vulnerabilities.

Make sure that you install all available updates from the vendor and remove old versions of Java in order to avoid this exploit. You can read more about this vulnerability and download software updates from these links:

• CVE-2010-0840
• Oracle advisory
• Java Download
• Remove older versions of Java

Trojan:JS/Redirector.JE is a JavaScript that adds a hidden IFrame that points to other malware distributed via Blackhole kit servers. It may be embedded in an HTML file, which had been modified without the owner's knowledge. Hence it might be present in otherwise legitimate webpages.