
    The most high-profile vulnerabilities tend to affect either commonly used applications such as Adobe Acrobat and Flash Player or Windows itself. In an attack that demonstrates that criminals are becoming ever more targeted, however, a vulnerability in Ichitaro, a popular Japanese-language word processing application, has been exploited.

    Like similar vulnerabilities in Microsoft applications, this one allows arbitrary code to be executed on an affected system when a specially crafted .JTD file is opened (JTD is the extension Ichitaro uses for its files). This can allow a malicious user to take complete control of the affected system.

    Targeted attacks that use this vulnerability have already been spotted. The malicious files have also been detected as TROJ_TARODROP.AV. This Trojan drops and executes BKDR_AHNSY.A. The backdoor can carry out the following commands upon receiving instructions from a third-party server:

    • Send/Receive information
    • Create, list, or terminate system processes
    • Download and execute malicious files

    Ichitaro is the number 2 word processor in the Japanese market. At present, exploits using this vulnerability have only been spotted in targeted attacks. However, newly discovered vulnerabilities initially used in targeted attacks inevitably find their way toward more common, large-scale attacks.

    Ichitaro has been affected by zero-day vulnerabilities in the past. These were found as early as 2006, with two separate incidents found a year later. Another vulnerability was found in 2009 as well.

    The JPCERT Coordination Center has released an official bulletin via its JVNDB portal; an English translation of its contents can be found here. JustSystems, Ichitaro’s publisher, has also released its own bulletin (English translation here). Updates for the 2009 and 2010 versions of Ichitaro are already available, and patches for older versions will be made available at a later date.

    Trend Micro™ Smart Protection Network™ protects users from these threats by detecting and removing any associated malware like TROJ_TARODROP.AV and BKDR_AHNSY.A.



    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice