Nov 5, 2010 11:26 GMT

Two remote code execution vulnerabilities affecting a popular Japanese word processor called Ichitaro have been exploited to infect users for the past two months.

Ichitaro, which dates back to the DOS era, is the most popular word processing application on the Japanese market after Microsoft Office.

It is developed by a Japanese software company called JustSystems Corporation and uses a proprietary file extension called .JTD.

According to antivirus vendor Trend Micro, the two arbitrary code execution vulnerabilities, identified as CVE-2010-3915 and CVE-2010-3916, were discovered in September as zero-days.

They can be exploited through specially crafted JTD documents, in the same way Adobe Reader flaws are targeted by hackers via malicious PDF files.

One in-the-wild attack leverages the vulnerabilities to drop a trojan detected by Trend Micro products as TROJ_DROPPER.QVA, which further downloads and installs a backdoor called BKDR_GOLPECO.A.

"It checks whether the current user had administrative rights on the system or not; depending on the situation present it will use different means to ensure that it will run at every system startup," the Trend researchers explain.

The backdoor reports back to a command and control server and allows attackers to execute shell commands, overwrite and retrieve files from the compromised system and install more malware.

JustSystems released patches yesterday to address these security issues in many supported Ichitaro versions and editions.

The program has separate variants for desktop and laptop computers, as well as for students of different education levels.

The company has also published an advisory (in Japanese) describing the vulnerabilities and recommends that users update immediately.

Trend Micro says the risk of infection is non-trivial and notes that other Ichitaro vulnerabilities were used in the past to distribute malware in a similar manner.

In particular, they were exploited in targeted attacks, which are more dangerous than mass ones, because they are carefully tailored for certain groups of individuals or organizations.