Updated on Dec 05, 2012

Trojan:JS/BlacoleRef.CL is a detection name for an obfuscated JavaScript, often found inserted into compromised websites. This threat is designed to load a hidden IFrame that loads behind the user's browser, redirecting it to an exploit server known as "Blackhole".

Alert level: severe
Updated on Aug 13, 2012

Trojan:JS/BlacoleRef.W is a member of the BlacoleRef family, a family of obfuscated JavaScripts, often found inserted into compromised websites. This threat is designed to load a hidden IFrame that loads behind the user's browser, redirecting it to an exploit server known as "Blackhole".

Alert level: severe
Updated on Apr 12, 2012

TrojanDownloader:Java/Rexec.H is a Java-based trojan that is generated by the "Blackhole" exploit kit, and may download and execute other malware.

Alert level: severe
Updated on Apr 19, 2012

Trojan:JS/Redirector.JE is a JavaScript that adds a hidden IFrame that points to other malware distributed via Blackhole kit servers. It may be embedded in an HTML file that has been modified without the owner's knowledge, so it might be present in otherwise legitimate webpages.

Alert level: severe
Updated on Nov 18, 2011

Exploit:Java/CVE-2010-0840.NE is a Java applet that exploits a vulnerability in Java Runtime Environment (JRE) as discussed in CVE-2010-0840.

Alert level: severe
Updated on May 22, 2014

Microsoft security software detects and removes this family of threats.

The members of this malware family work together to download other malware, including threats from the Win32/Sirefef and Win32/Medfos families. They can also give a malicious hacker backdoor access and control of your PC.

These threats can be installed at the same time as rogue security software, such as Rogue:Win32/Winwebsec.

We have seen the Necurs family being installed by variants of the Blacole family, the Win32/Beebone family, the Win32/Zbot family, and the Win32/Dorkbot family.

Find out ways that malware can get on your PC.

Alert level: severe
Updated on Aug 07, 2012

Trojan:JS/Blacofus.A is an obfuscated JavaScript trojan that decrypts a variant of Trojan:JS/Blacole.

Alert level: severe
Updated on Oct 21, 2012

Trojan:JS/BlacoleRef.AP is a member of the BlacoleRef family, a family of obfuscated JavaScripts, often found inserted into compromised websites. This threat is designed to load a hidden IFrame that loads behind the user's browser, redirecting it to an exploit server known as "Blackhole".

Alert level: severe
Updated on Oct 01, 2013

Windows Defender detects and removes this threat.

This threat can install other malware onto your PC, including the Blacole and Cool exploit kits. These kits exploit vulnerabilities in applications such as Oracle Java, Sun Java, Adobe Acrobat and Adobe Reader.

Trojan:JS/Quidvetis.A is installed on your PC when you visit a hacked web page.

Alert level: severe
Updated on May 06, 2013

Exploit:Win32/Pdfjsc.AID is a malicious PDF file that exploits a vulnerability in Adobe Acrobat and Adobe Reader.

The vulnerabilities, discussed in CVE-2010-0188, allow this malware to download and run arbitrary files.

The following versions of Adobe Acrobat and Adobe Reader are vulnerable to this exploit:

  • Adobe Acrobat and Adobe Reader earlier than 8.2.1
  • Adobe Acrobat and Adobe Reader earlier than 9.3.1

Install updates to prevent infection

This malware exploits known vulnerabilities.

You should always install the latest updates available from the software vendor to prevent reinfection from this threat, and possible infection from other threats.

Download updates for Adobe products from the following link:

Alert level: severe
Updated on Nov 23, 2015

Microsoft security software detects and removes this family of threats.

The members of this malware family work together to download other malware, including threats from the Win32/Sirefef and Win32/Medfos families. They can also give a malicious hacker backdoor access and control of your PC.

These threats can be installed at the same time as rogue security software, such as Rogue:Win32/Winwebsec. We have also seen them installed by variants of the Blacole family, the Win32/Beebone family, the Win32/Zbot family, and the Win32/Dorkbot family.

Find out ways that malware can get on your PC.

Alert level: severe
Updated on May 30, 2012

Exploit:HTML/IframeRef.BG is a detection for an obfuscated exploit that is embedded within a compromised web page. The exploit creates a malicious IFrame in the same web page that, when viewed in a web browser, redirects the browser to another site to possibly execute other malicious code.

Alert level: severe
Updated on Jan 30, 2012

Trojan:JS/BlacoleRef.T is a malicious JavaScript that is used by an exploit kit known as "Blackhole". If the script is run within a vulnerable computer environment, it could lead to the download and execution of arbitrary files.

Alert level: severe
Updated on Oct 08, 2013

Windows Defender detects and removes this threat.

You should also update your software to be fully protected.

BlacoleRef is a type of malware which tries to infect your PC with other malware, such as trojans and viruses.

It belongs to the Blacole family of malware, which together are known as the Blacole (or "Blackhole") exploit kit. 

See our page about exploits and learn how to update common software.

When you visit a malicious or compromised website, BlacoleRef scans your PC for vulnerabilities or weaknesses in your software.

You might visit the website from a link or attachment in an email, or from a previously safe website that has been hacked.

The threat uses those vulnerabilities it has found on your PC to download malware onto your PC:

Typically, the Blacole exploit kit attempts to exploit vulnerabilities in applications such as Oracle Java, Sun Java, Adobe Acrobat and Adobe Reader.

Alert level: severe
Updated on Feb 21, 2013

Trojan:HTML/BlacoleRef.A is a malicious webpage used by the BlacoleRef family to infect your computer with other malware.

BlacoleRef is a type of malware which uses your Internet browser to attack your computer and infect it with other malware, such as trojans and viruses. It belongs to the Blacole family of malware, which together are known as the Blacole (or "Blackhole") exploit kit. 

Blacole attacks your computer by exploiting multiple vulnerabilities through your Internet browser.

A vulnerability is like a "hole" in your software that malware can use (or "exploit") to get on your computer. These vulnerabilities, or holes, are fixed by installing updates to the software; this is why it is extremely important to keep all of the programs on your computer up to date. See here for information on how to update some software.

Typically, the Blacole exploit kit attempts to exploit vulnerabilities in applications such as Oracle Java, Sun Java, Adobe Acrobat and Adobe Reader.

For more information on this exploit kit, and for steps you can take to prevent your computer from being infected, please see the detailed Blacole description.

Install updates to prevent infection

The nature of this threat means that you may need to take some steps to avoid being vulnerable to this and similar exploits.

Download updates for Adobe products from the following link:

Take the following steps to protect yourself from vulnerabilities in Java and Oracle programs:

  1. Clear the Java cache
  2. Update Java
  3. Remove older versions of Java

Note: This detection may be triggered when you visit a website that contains the malicious code, even if you are not using a vulnerable version of Java. This does not mean that you have been compromised, rather that an attempt to compromise your computer has been made.

For detailed information about these steps, please see the Additional removal instructions below.

For more information about BlacoleRef, please see the Trojan:JS/BlacoleRef and Blacole family descriptions.

Alert level: severe
Updated on Mar 30, 2012

Trojan:JS/BlacoleRef.AK is a malicious JavaScript that is used by an exploit kit known as "Blackhole". If the script is run within a vulnerable computer environment, it could lead to the download and execution of arbitrary files.

Alert level: severe
Updated on Jan 24, 2012

Trojan:JS/BlacoleRef.Q is a malicious JavaScript trojan that is used by an exploit kit known as "Blackhole". If the script is run within a vulnerable computer environment, it could lead to the download and execution of arbitrary files.

Alert level: severe
Updated on Jan 31, 2012

Exploit:Java/CVE-2010-0840.NU is a malicious Java applet that exploits a privilege escalation vulnerability in JRE (Java Runtime Environment) versions 5 and 6 as described in CVE-2010-0840. The Java exploit is a component of the "Blackhole" exploit pack and is hosted on compromised web sites. The successful exploitation of a vulnerable host may lead to the downloading and execution of arbitrary files.

Alert level: severe
Updated on Feb 13, 2012

Exploit:Win32/Pdfjsc.YX is a specially crafted JavaScript that exploits a vulnerability in the Java Runtime Environment, Adobe Acrobat, and Adobe Reader discussed in the following articles:

Alert level: severe
Updated on Jul 29, 2013

Microsoft security software detects and removes this threat.

Trojan:JS/BlacoleRef.DF is a type of malware which uses your Internet browser to attack your computer and infect it with other malware, such as trojans and viruses. It belongs to the Blacole family of malware, which together are known as the Blacole (or "Blackhole") exploit kit. 

This threat attacks your computer by exploiting multiple vulnerabilities through your Internet browser if you visit a malicious or compromised webpage.

A vulnerability is like a "hole" in your software that malware can use (or "exploit") to get on your computer. These vulnerabilities, or holes, are fixed by installing updates to the software; this is why it is extremely important to keep all of the programs on your computer up to date. See here for information on how to update some software.

For more information on this threat, see the family description for Trojan:JS/BlacoleRef.

Alert level: severe