Author:- Stephen Harrison, BSc, MSc, MBCS, CITP, InstM
Sharing over 20 years of IT experience with you 
More about me here

Exploit:Java/Blacole Exploit Kit

by Aderito
(Germany)

Exploit:Java/Blacole.AB And Other Variants Detected

Exploit:Java/Blacole.AB And Other Variants Detected

Microsoft Security Essentials detected and removed the Exploit:Java/Barcole infection from my computer.

My understanding is this Trojan is a Blackhole Exploit Kit detection component. These kits are used by hackers to distribute their Malware ranging from targeted advertisements to key loggers.

Microsoft Security Essentials classes the Alert Level as Severe. This means the exploit is widespread or exceptionally malicious, and should be removed immediately.

It also has no symptoms i.e. no impact on your computers performance and no error messages. It buries itself in your computer system to avoid anti-virus detection.

It gets onto your computer from a compromised Web Server you have visited. The cyber-criminal installs the kit onto the Web Server.

If you visit this Server and your computer has the right vulnerabilities the rookit activates and exploits by downloading malware on to your machine.

The vulnerability in my case is with Sun Java. I should really update it to the latest version so this doesn't happen again.

My Reply


Thanks Adertio for contributing. I've added further comments in the comments section.

This is an example of a False-Positive detection as a result of a faulty Valentine's day Security Update.

Microsoft Security Essentials flagged this Java Exploit when home computer users visited google.com – the worlds most visited web site!

Google is not infected with the Blacole Trojan. Through my research it looks like if you clicked the remove option in these circumstances then no new problems are triggered on your computer.

It is likely MSE would tell you that it could not detect the threat (because there is no threat to start with!).

Microsoft rectified this issue by quickly releasing a further virus definition update.

In my experience a faulty patch or definition file is released a couple of times a year. They can be a pain to Business users and their IT Support Departments, but they are usually corrected very quickly by the vendor.

Comments for Exploit:Java/Blacole Exploit Kit

Average Rating starstarstarstarstar

Click here to add your own comments

Jun 03, 2012
Rating
starstarstarstarstar 		Exploit Kit Protection
by: Steve

The Blacole Trojan family can cause you all sorts of problems with silent MalWare infections.

If your anti-virus program detects this then remove it immediately!

In Aderito's case the Trojan exploited a vulnerability in his version of Sun Java.

Java is the program that enables web sites to read JavaScript language so they can do lots of fancy stuff such as refresh a page by clicking a button.

It is essential you keep your software programs up to date with the latest patches. Sun Java, Adobe Acrobat and Adobe Reader can all be exploited by this Trojan family if you do not keep then up to date.

If you are concerned about your computer being infected and your anti-virus program not detecting this Trojan, there are a couple of things you can do to put your mind at ease:

1. Install and run the Secunia Personal Software Inspector (PSI) (Opens New Window).


This program scans commonly exploited applications such as Adobe and tells you whether any of them need updating.

It provides a link to the updates you need for those programs that are out of date.

2. Manually remove the exploit. This I don't recommend to the everyday home computer user. It involves stopping processes in Task Manager and deleting registry Keys.

There is plenty of advice out there if you really want to go down this route.


As Sun Java is cross-platform, it is possible for this type of exploit to infiltrate non-windows Operating systems.

Apple issued a set of updates to protect their users from being exploited.

To give you an idea of how cyber-criminals work, the hacker responsible for Blacole (Also know as BlackHole Exploit Kit) sells the use of his 'product' to other hackers for $4000, in addition to a License which is required at $700 every 3 months, $1000 every 6 months or $1500 per year.

The hacker also sells his own hosted solution known as Bulletproof Servers (Servers located in China that have all sorts of fancy set-ups to keep the cyber-criminal anonymous, for example).

These Web Servers come with the Exploit kit pre-installed, enabling other hackers to use this for their ill-gotten gains. He charges $200 a week, or $500 per month to rent this service out to other hackers!

Online Criminal activity is big Business with big money changing hands. Keep your computer Safe from these people!

Click here to add your own comments

Join in and write your own page! It's easy to do. How? Simply click here to return to Microsoft Security Essentials.