Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    July 2014
    S M T W T F S
    « Jun    
     12345
    6789101112
    13141516171819
    20212223242526
    2728293031  
  • About Us

    Vulnerabilities (designated as CVE-2010-3915 and CVE-2010-3916) have been found in the popular Japanese-language word processor Ichitaro. If exploited, a specially crafted .JTD file can be used to drop and execute files. Files exploiting these vulnerabilities are detected as TROJ_TARODRP.SM.

    The current payload of the attacks that target this vulnerability is a dropper detected as TROJ_DROPPER.QVA. It checks whether the current user has administrative rights on the system or not. Depending on the situation, it uses different means to ensure that it will run at every system startup. The end behavior, however, is identical—a backdoor (BKDR_GOLPECO.A) is dropped onto the infected system. It contacts a command-and-control (C&C) server. Among the commands that a would-be bot herder can execute on an infected system are:

    • Perform shell commands
    • Overwrite on/Retrieve files from the infected system
    • Download and execute files from the Internet

    Taken together, a system can be completely compromised by this malware. This is a nontrivial risk, as both this and previous Ichitaro vulnerabilities were used in targeted attacks, with correspondingly higher risks.

    Trend Micro users have been protected since September 18 when patterns protecting against the above-mentioned threats were released. Related malicious URLs have also been blocked since the same date. However, due to nondisclosure agreements (NDAs), we have been unable to discuss this threat until a fix for the vulnerability was released.

    Justsystems, Ichitaro’s publisher, has released a patch to fix this vulnerability. Until users can apply the patch, Trend Micro protects them via the Smart Protection Network™.





    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon






     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice