Windows Defender detects and removes this family of threats.

You should also update your software to be fully protected.

The Blacole exploit pack tries to infect your PC with other malware, such as trojans and viruses. It also known as "Blackhole".

See our page about exploits and learn how to update common software.

When you visit a malicious or compromised website, Blacole scans your PC for vulnerabilities or weaknesses in your software.

You might visit the website from a link or attachment in an email, or from a previously safe website that has been hacked.

The threat uses those vulnerabilities it has found on your PC to download malware onto your PC:

Typically, the Blacole exploit kit attempts to exploit vulnerabilities in applications such as Oracle Java, Sun Java, Adobe Acrobat and Adobe Reader.

Windows Defender detects and removes this threat.

You should also update your software to be fully protected.

BlacoleRef is a type of malware which tries to infect your PC with other malware, such as trojans and viruses.

It belongs to the Blacole family of malware, which together are known as the Blacole (or "Blackhole") exploit kit. 

See our page about exploits and learn how to update common software.

When you visit a malicious or compromised website, BlacoleRef scans your PC for vulnerabilities or weaknesses in your software.

You might visit the website from a link or attachment in an email, or from a previously safe website that has been hacked.

The threat uses those vulnerabilities it has found on your PC to download malware onto your PC:

Typically, the Blacole exploit kit attempts to exploit vulnerabilities in applications such as Oracle Java, Sun Java, Adobe Acrobat and Adobe Reader.

Windows Defender detects and removes this threat.

You should also update your software to be fully protected.

BlacoleRef is a type of malware which tries to infect your PC with other malware, such as trojans and viruses.

It belongs to the Blacole family of malware, which together are known as the Blacole (or "Blackhole") exploit kit. 

See our page about exploits and learn how to update common software.

When you visit a malicious or compromised website, BlacoleRef scans your PC for vulnerabilities or weaknesses in your software.

You might visit the website from a link or attachment in an email, or from a previously safe website that has been hacked.

The threat uses those vulnerabilities it has found on your PC to download malware onto your PC:

Typically, the Blacole exploit kit attempts to exploit vulnerabilities in applications such as Oracle Java, Sun Java, Adobe Acrobat and Adobe Reader.

Trojan:HTML/BlacoleRef.A is a malicious webpage used by the BlacoleRef family to infect your computer with other malware.

BlacoleRef is a type of malware which uses your Internet browser to attack your computer and infect it with other malware, such as trojans and viruses. It belongs to the Blacole family of malware, which together are known as the Blacole (or "Blackhole") exploit kit. 

Blacole attacks your computer by exploiting multiple vulnerabilities through your Internet browser.

A vulnerability is like a "hole" in your software that malware can use (or "exploit") to get on your computer. These vulnerabilities, or holes, are fixed by installing updates to the software; this is why it is extremely important to keep all of the programs on your computer up to date. See here for information on how to update some software.

Typically, the Blacole exploit kit attempts to exploit vulnerabilities in applications such as Oracle Java, Sun Java, Adobe Acrobat and Adobe Reader.

For more information on this exploit kit, and for steps you can take to avoid your computer from being infected, please see the detailed Blacole description.

Install updates to prevent infection

The nature of this threat means that you may need to take some steps to prevent being vulnerable from this, and similar exploits.

Download updates for Adobe products from the following link:

• Updating Software

Take the following steps to protect yourself from vulnerabilities in Java and Oracle programs

1. Clear the Java cache
2. Update Java
3. Remove older versions of Java

Note: This detection may be triggered when you visit a website that contains the malicious code, even if you are not using a vulnerable version of Java. This does not mean that you have been compromised, rather that an attempt to compromise your computer has been made.

For detailed information about these steps, please see the Additional removal instructions below.

For more information about BlacoleRef, please see the Trojan:JS/BlacoleRef and Blacole family descriptions.

Microsoft security software detects and removes this family of threats.

You should also update your software to be fully protected.

These threats are part of the Blacole family of malware. For more information, see our Blacole family description.

Exploit:SWF/Blacole.J is a malicious Adobe Shockwave Flash (.SWF) file, distributed as part of the "Blackhole" exploit kit, that exploits a vulnerability described in CVE-2011-2110. Successful exploitation by the malware could result in downloading and executing arbitrary files.

Exploit:Win32/Pdfjsc.YX is a specially-crafted JavaScript, which exploits a vulnerability in the Java Runtime Environment, Adobe Acrobat, and Adobe Reader discussed in the following articles:

• CVE-2011-2110
• CVE-2010-0840
• CVE-2007-5659

Exploit:JS/Blacole.AR is the detection for malicious JavaScript that loads a series of other exploits that are distributed as components of the "Blackhole kit". If the computer runs a vulnerable version of certain software and exploitation is successful, various malware may be downloaded.

Exploit:JS/Blacole.DC is a variant of JS/Blacole, JavaScript malware that consists of several exploits and is created by the "Blackhole" exploit kit.

Exploit:Java/CVE-2010-0840.NU is a malicious Java applet that exploits a vulnerability of privilege escalation in JRE (Java Runtime Environment) versions 5 and 6 as described in CVE-2010-0840. The Java exploit is a component of the "Blackhole" exploit pack and is hosted on compromised web sites. The successful exploitation of a vulnerable host may lead to the downloading and execution of arbitrary files.

Exploit:Java/CVE-2011-3544.N is a malicious Java applet stored within a Java Archive (.JAR) file. It attempts to exploit a vulnerability in the Java Runtime Environment (JRE) component in Oracle JAVA SE JDK and JRE 7, 6 Update 27 and earlier. The vulnerability allows an unsigned Java applet to gain elevated privileges and potentially have unrestricted access to run arbitrary Java code outside of the "sandbox" environment.

Trojan:JS/BlacoleRef.V is a malicious JavaScript that is used by an exploit kit known as "Blackhole". If the script is run within a vulnerable computer environment, it could lead to the download and execution of arbitrary files.

For more information about the Blackhole exploit kit, please see the description for "Blacole" elsewhere in the encyclopedia.

Trojan:JS/Redirector.JE is a JavaScript that adds a hidden IFrame that points to other malware distributed via Blackhole kit servers. It may be embedded in an HTML file, which had been modified without the owner's knowledge. Hence it might be present in otherwise legitimate webpages.

Exploit:SWF/Blacole.A is a detection for malicious code within specially crafted Adobe Shockwave flash (.SWF) files. The malicious files are commonly distributed via an exploit kit, known as "Blackhole", within compromised webpages. The malware is capable of redirecting a web browser to another specified website and downloading and executing arbitrary files.