I just finished a full scan with Totat Protection and it detected a threat called JV/Exploit blacole.f and a couple of weeks ago it detected JV/Exploit blacole.a and were put into quarantined. First question is my computer now safe? Second, does anyone know what these trojans are? Third, what do I do now, do I delete them from quarantined or just leave them there?
the .a version has details of what to do.
I would delete them from quarantine fix the MBR and update java.
Message was edited by: Peacekeeper on 25/04/12 7:20:21 PM
1. From webopedia.com
A type of crimeware Web application developed in Russia to help hackers take advantage of unpatched exploits in order to hack computers via malicious scripts planted on compromised websites. Unsuspecting users visiting these compromised sites would be redirected to a browser vulnerability-exploiting malware portal website in order to distribute banking Trojans or similar malware through the visiting computer.
Blackhole exploit kits are based on PHP and a MySQL backend and incorporate support for exploiting the most widely used and vulnerable security flaws in order to provide hackers with the highest probability of successful exploitation. The kits typically target versions of the Windows operating system and applications installed on Windows platforms.
2. If you want a lot more technical detail there is a Technical Paper from Sophos - see
As Peacekeeper says the kit looks for out-of-date versions of programs like Java, Flash, and Adobe Reader which have known security flaws that can be exploited to take over your machine. Just keeping everything updated goes a long way to keeping you safe. There's a program from Secunia which monitors your apps and tells you when to update : I did request (in Product Ideas) that McAfee bring out something similar but it hasn't appeared yet. If you don't want to install this program you can do a quick online scan for outdated products with this program.
Moved out of Help section into Security Awareness (Home User Assistance)