Trojan:Win32/Swif.L is a detection for an obfuscated and malicious Shockwave (SWF) data file. The underlying code of the SWF file could have any purpose.

Exploit:JS/ShellCode.Z is a generic detection for JavaScript objects that construct shellcode. These scripts may be embedded within other document files such as specially-crafted .PDF files, for example.

 

This detection also includes malicious JavaScript that attempts to exploit an uninitialized memory corruption vulnerability (CVE-2010-0806) that allows the execution of arbitrary code. Microsoft released Microsoft Security Bulletin MS10-018 to mitigate this vulnerability.

Exploit:JS/Sykipot.A is a detection for obfuscated script files that exploit a vulnerability in Internet Explorer. The vulnerability has been resolved with the release of Microsoft Security Update MS10-018.

Exploit:Java/CVE-2008-5353.CQ is based on a vulnerability which affects Java Virtual Machine (JVM) up to and including version 6 update 10. The vulnerability allows an unsigned Java applet to gain elevated privileges and potentially have unrestricted access to a host system, outside its "sand box" environment.

Exploit:SWF/ShellCode.L is the detection for a specially-crafted SWF (ShockWave Flash) file that exploits a vulnerability found in Adobe Flash Player prior to version 10.1.85.3. The vulnerability is discussed in detail in the following pages:

• CVE-2010-2884
• APSB10-22

Trojan:Java/Mesdeh is the detection for a data file that is used by malware to exploit a vulnerability in the Java Runtime Environment (JRE) discussed in CVE-2010-0094. Successful exploitation of the affected computer allows attackers to bypass Java sandbox restrictions and gain read and write access to the local file system.

Exploit:Java/CVE-2008-5353.WO is a detection for an obfuscated malicious Java class component that exploits the vulnerability described in CVE-2008-5353.

 

The vulnerability affects Java Virtual Machine (JVM) up to and including version 5 update 22 and version 6 update 10. The vulnerability allows an unsigned Java applet to gain elevated privileges and potentially have unrestricted access to a host system, outside of its "sandbox" environment. 

Trojan:SWF/Jaswi.A is small web format (.SWF) trojan that attempts to download other malware using an embedded and obfuscated malicious JavaScript. The SWF format trojan uses a vulnerability known as CVE-2010-0806 to exploit Windows computers and execute code via the malicious JavaScript.

Trojan:JS/Redirector.GO a generic detection for obfuscated JavaScript files that attempt to redirect the user's browser to a specific website.

Exploit:Win32/CVE-2010-3962.B is the detection for a Javascript that attempts to exploit a vulnerability in Internet Explorer.

Exploit:Java/CVE-2010-0840.DN is the detection for a malicious and obfuscated Java class that exploits the vulnerability in Java described in CVE-2010-0840. Successful exploitation leads to remote code execution.

Exploit:Java/Blacole.W is the detection for the Java class module included in "worms.jar" that is part of the "Blackhole" exploit pack. The file "worms.jar" is an applet that exploits the vulnerability in Java Runtime Environment described in CVE-2010-0840.

Exploit:SWF/CVE-2011-2140.A is the detection for specially crafted Adobe Shockwave Flash (SWF) files that exploit the vulnerability described in the following articles:

• CVE-2011-2140
• APSB11-21

It attempts to play a movie file. As of this writing, the movie file is unavailable.

Exploit:Java/Blacole.BD is malicious Java code that exploits a vulnerability in the Java Runtime Environment component of Oracle Java SE and Java for Business that allows the execution of arbitrary code. The vulnerability is further described in CVE-2010-0840.