Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    July 2014
    S M T W T F S
    « Jun    
     12345
    6789101112
    13141516171819
    20212223242526
    2728293031  
  • About Us

    A new exploit has been found in the Japanese word processor Ichitaro. JP-RTL engineers have received a sample Ichitaro document, which is capable of exploiting the previously unknown vulnerability. It is released by Japanese Vulnerability Notes as JVNDB-2010-000024. If exploited, arbitrary code could be run on users’ systems.

    The file that exploits this new vulnerability has been detected as TROJ_TARODROP.XZ. This malicious Ichitaro document actually contains two files, which are both dropped and opened on the affected system—a malicious executable file detected as TROJ_TARO.XZ and a nonmalicious document.

    TROJ_TARO.XZ primarily serves as a means for malicious users to download malicious files onto the affected system. At this time, the downloaded file does not execute on user systems. However, this file could easily be replaced by a working malicious file at a later date.

    JustSystems, Ichitaro’s publisher, has released a patch to remedy this flaw. (An English-language version of the patch page can be found here.) Until users can patch their systems, Trend Micro advises them to be cautious in opening Ichitaro documents, especially those that come from unknown or untrustworthy sources. More TROJ_TARODROP variants are expected to be seen in the coming days, as cybercriminals rush to exploit this flaw.

    Trend Micro product users, however, need not fret as Smart Protection Network™ already protects them from this threat by detecting TROJ_TARODROP.XZ and TROJ_TARO.XZ as well as by preventing the files’ execution on their systems.





    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon






     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice