Last Friday, yet another Ichitaro zero-day exploit was discovered. Ichitaro is a well-known Japanese word processor produced by JustSystems.
While the case is still under analysis, the apparent behavior is that a malware is automatically installed when a malicious .JTD file is opened with the Ichitaro application. The affected platform is Windows XP SP2 Japanese version with Ichitaro 2006. Trend Micro detects the said malicious .JTD file as TROJ_TARODROP.AB, which installs a backdoor detected as BKDR_AGENT.AIAJ.
This year, the number of targeted attacks on Japanese applications has increased, seen to be in line with the increase of language-specific regional attacks. Malware authors targeting Ichitaro are bound to be successful as this application is popular. Users of the said application therefore need to take extra caution.
As noted at 18:30 last December 14, JustSystems has released the security update module to fix the vulnerability. If you are using the JustSystem product, please update it as soon as possible.
Again, this is not the first Ichitaro exploit. This year alone, in August, a malicious Ichitaro document taking advantage of a vulnerability to drop a Trojan on target systems was reported. A full year before that, the first Ichitaro exploit was identified.
Share this article