Trojan:JS/BlacoleRef.CZ
Aliases: No associated aliases
Summary
Windows Defender detects and removes this threat.
You should also update your software to be fully protected.
This threat is a type of malware which tries to infect your computer with other malware, such as trojans and viruses.
It belongs to the Blacole family of malware, whose members together are known as the Blacole (or "Blackhole") exploit kit.
See our page about exploits and learn how to update common software.
When you visit a malicious or compromised website, Blacole scans your computer for vulnerabilities or weaknesses in your software. It then uses those vulnerabilities to download malware onto your computer.
Typically, the Blacole exploit kit attempts to exploit vulnerabilities in applications such as Oracle Java, Sun Java, Adobe Acrobat and Adobe Reader.
To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an appropriate, up-to-date security solution. The following Microsoft products detect and remove this threat:
- Microsoft Security Essentials or, for Windows 8, Windows Defender
- Microsoft Safety Scanner
After you have scanned your computer, you should update all of your software.
The more up-to-date your software, the better your chances of preventing Blacole from infecting your computer with more malware.
You can read more about this vulnerability and download software updates from these links:
You should remove older versions of Java that are still present. Keeping old and unsupported versions of Java on your system presents a serious security risk. You can read more about why you should remove older versions of Java in the following article:
A detection for this exploit may be triggered from your Java cache if a previous exploit attempt has been made. We recommend that you delete your temporary Java files to prevent a persistent detection of this exploit. For instructions on how to delete temporary Java files, please see the following article:
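To support the two cleanup steps above (removing older Java versions and clearing temporary Java files), the following PowerShell script is an added example, not part of the original page or a Microsoft tool. It only reports and deletes nothing; it assumes the standard uninstall registry keys, user profiles under C:\Users, and the default Java deployment cache location.

```powershell
# Added example: read-only inventory of installed Java versions and per-user Java caches.
# Assumptions: standard uninstall registry keys, profiles under C:\Users, default cache path.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Match Java runtime/JDK entries ("Java 7 Update 45", "Java(TM) 6 Update 20",
# "Java SE Development Kit ...", "J2SE Runtime Environment ...").
$namePattern = '^(Java(\(TM\))? (\d|SE )|J2SE Runtime)'

$installed = @(Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match $namePattern } |
    ForEach-Object {
        $parsed = $null
        # DisplayVersion is free text; entries that do not parse sort as 0.0.
        if (-not [version]::TryParse([string]$_.DisplayVersion, [ref]$parsed)) {
            $parsed = [version]'0.0'
        }
        [pscustomobject]@{
            Name    = $_.DisplayName
            Version = $parsed
            View    = if ($_.PSParentPath -match 'WOW6432Node') { '32-bit' } else { 'native' }
        }
    })

if ($installed.Count -eq 0) {
    Write-Output 'No Java installation found in the uninstall registry keys.'
} else {
    $newest = ($installed | Sort-Object Version -Descending | Select-Object -First 1).Version
    # Anything below the newest installed version is an older copy to review and remove.
    $installed | Sort-Object Version -Descending |
        Select-Object Name, Version, View, @{ n = 'OlderCopy'; e = { $_.Version -lt $newest } } |
        Format-Table -AutoSize
}

# Report (do not delete) the Java deployment cache of each local profile.
Get-ChildItem -Path 'C:\Users' -Directory -ErrorAction SilentlyContinue | ForEach-Object {
    $cache = Join-Path $_.FullName 'AppData\LocalLow\Sun\Java\Deployment\cache'
    if (Test-Path -LiteralPath $cache) {
        $files = @(Get-ChildItem -LiteralPath $cache -Recurse -File -ErrorAction SilentlyContinue)
        $bytes = ($files | Measure-Object -Property Length -Sum).Sum
        '{0}: {1} cached files, {2:N0} bytes' -f $_.Name, $files.Count, [int64]$bytes
    }
}
```

Run it from an elevated PowerShell prompt so that other users' profiles are readable. The newest version installed is not necessarily the current release, so the remaining copy still needs to be checked against the vendor's latest update.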