The maker of the popular Japanese word processor Ichitaro is warning users about a zero-day vulnerability that is currently being exploited by cybercriminals to spread malware.
Like similar vulnerabilities in Microsoft applications, the vulnerability allows arbitrary code to be executed on affected systems when a specially crafted .JTD file is opened (JTD is the extension Ichitaro uses for its files). This can allow a malicious user to take complete control of an affected system.
Security firm Symantec has been monitoring the cybercriminal campaign, which appears to be targeted only at Japanese users, since mid-January.
Malicious files exploiting this vulnerability have also been detected as TROJ_TARODROP.AV. This Trojan drops and executes BKDR_AHNSY.A. The backdoor can carry out the following commands upon receiving instructions from a third-party server:
- Send/Receive information
- Create, list, or terminate system processes
- Download and execute malicious files
Ichitaro is the number 2 word processor in the Japanese market. At present, exploits using this vulnerability have only been spotted in targeted attacks. However, newly discovered vulnerabilities initially used in targeted attacks inevitably find their way toward more common, large-scale attacks.
When the clean document is opened, the application executes the tampered JSMISC32.DLL file, which in turn launches the malicious DLL file, detected by Symantec as Trojan Horse.
Ichitaro has been affected by zero-day vulnerabilities in the past. These were found as early as 2006, with two separate incidents found a year later. Another vulnerability was found in 2009 as well.
JustSystems has released a patch for the vulnerability exploited by the cybercriminals, so users are advised to update their installations as soon as possible.