The most high-profile vulnerabilities tend to be found in either commonly used applications such as Adobe Acrobat and Flash Player or Windows itself. In a sign that criminals' attacks are becoming ever more targeted, however, a vulnerability in Ichitaro, a popular Japanese-language word processing application, has been exploited.
Like similar vulnerabilities in Microsoft applications, this vulnerability allows arbitrary code to be executed on an affected system when a user opens a specially crafted .JTD file (JTD is the extension Ichitaro uses for its files). This can allow a malicious user to take complete control of an affected system.
Targeted attacks that use this vulnerability have already been spotted. The malicious files have also been detected as TROJ_TARODROP.AV. This Trojan drops and executes BKDR_AHNSY.A. The backdoor can carry out the following commands upon receiving instructions from a third-party server:
- Send/Receive information
- Create, list, or terminate system processes
- Download and execute malicious files
Ichitaro is the number 2 word processor in the Japanese market. At present, exploits using this vulnerability have only been spotted in targeted attacks. However, newly discovered vulnerabilities initially used in targeted attacks inevitably find their way toward more common, large-scale attacks.
The JPCERT Coordination Center has released an official bulletin via its JVNDB portal, an English translation of the contents of which can be found here. Justsystems, Ichitaro’s publisher, also released its own bulletin (English translation here). Updates for the 2009 and 2010 versions of Ichitaro are already available and patches for older versions will be made available at a later date.
Trend Micro™ Smart Protection Network™ protects users from these threats by detecting and removing associated malware such as TROJ_TARODROP.AV and BKDR_AHNSY.A.