Targeted Attack Exploits Ichitaro Vulnerability

JustSystems, developer of the Japanese word processor software called Ichitaro, recently announced a vulnerability (CVE-2013-3644) that has been exploited in the wild. Symantec has seen the exploitation being used in targeted attacks since May, but it has been limited to users in Japan and the volume of attacks has been minimal.

The attacker can leverage this vulnerability by sending a specially crafted attachment as part of a spear phishing campaign.  When a user opens the malicious Ichitaro document file, arbitrary code is executed causing malware to be dropped onto the computer.   Symantec detects the malicious document files as Trojan.Tarodrop.M.  Files being dropped by the exploit depend on the specific attack, but are generally detected as Trojans such as Backdoor.Specfix.

We continue to monitor this threat to improve coverage and will provide any relevant updates when possible. Symantec strongly advises users to update their antivirus definitions regularly and ensure the latest Ichitaro patch is installed.


Leave a Reply