Exploit:JS/BlacoleRef.D is a detection for obfuscated JavaScript often found distributed through compromised websites.

Windows Defender detects and removes this threat.

This threat uses a vulnerability in your software to download other malware.

It runs when you visit a hacked website and you have a vulnerable version of Java installed on your PC. A number of legitimate websites could be hacked or unwillingly host this threat.

The following versions of Java are vulnerable:

• Oracle Java SE and Java for Business 6 Update 18 and earlier

To check if you're running a vulnerable version of Java:

1. Go to the control panel (Select Start then Control Panel)
2. Select Programs. If Java is installed you will see it in the list of installed programs. Click it to open the Java Control Panel.
3. On the General tab, click About to see which version of Java you have installed.

You might get a detection for this threat if you visit a website that has the malicious code, even if you're not using a vulnerable version of Java. This doesn't mean that you have been hacked; it means someone has tried to hack into your PC.

The vulnerability that this threat exploits is described in CVE-2010-0840.

Exploit:Win32/CVE-2011-2140.A is a detection for malware that attempts to exploit a vulnerability in Adobe Flash Player

Exploit:Java/CVE-2010-0840.NS is a variant of the Exploit:Java/CVE-2010-0840 family - a detection for a malicious Java applet stored within a Java Archive (.JAR) that attempts to exploit a vulnerability in the Java Runtime Environment (JRE) up to and including version 6 update 18. The vulnerability allows an unsigned Java applet to gain elevated privileges and potentially have unrestricted access to a host system outside its "sandbox" environment. It is discussed in CVE-2010-0840.

Exploit:SWF/Blacole.T is a malicious Adobe Shockwave Flash (.SWF) file, distributed as part of the "Blackhole" exploit kit, that exploits a vulnerability described in CVE-2011-2110. Successful exploitation by the malware could result in downloading and executing arbitrary files.

Exploit:Win32/CVE-2012-4969.C is an exploit for the vulnerability in Internet Explorer described in Microsoft Security Advisory 2757760. The exploit eventually leads to another malware being downloaded into your computer.

Exploit:Win32/CVE-2012-4969.A is a special crafted JavaScript, which takes advantage of a vulnerability in Internet Explorer 6 through 9. The vulnerability is described in detail in CVE-2012-4969. It is mitigated with the release of a Fixit tool as described in Microsoft Security Advisory 2757760.

Exploit:Win32/Pdfjsc.AFW is a malicious PDF file that exploits a vulnerability in Adobe Acrobat and Adobe Reader.

The vulnerabilities, discussed in CVE-2010-0188, allow this malware to download and run arbitrary files.

The following versions of Adobe Acrobat and Adobe Reader are vulnerable to this exploit:

• Adobe Acrobat and Adobe Reader earlier than 8.2.1
• Adobe Acrobat and Adobe Reader earlier than 9.3.1

Install updates to prevent infection

This malware exploits known vulnerabilities.

You should always install the latest updates available from the software vendor to prevent reinfection from this threat, and possible infection from other threats.

Download updates for Adobe products from the following link:

• Updating Software