Zero-Day Vulnerability in Japanese Word Processor Ichitaro Exploited in the Wild

JustSystems has released a patch to address the flaw

By Eduard Kovacs on February 26th, 2013 10:40 GMT

JustSystems, the developer of the popular Japanese word processor Ichitaro, is warning users about a zero-day vulnerability that’s currently exploited by cybercriminals to spread malware.

Security firm Symantec has been monitoring the cybercriminal campaign, which appears to be targeted only at Japanese users, since mid-January.

Symantec reports that a typical attack starts with an archive which contains three files: a modified version of JSMISC32.DLL, a file that’s used by the word processor; a clean Ichitaro document (.jdt); and a malicious DLL which bears a .jdt extension.

When the clean document is opened, the application executes the tampered JSMISC32.DLL file, which in turn launches the malicious DLL file, detected by Symantec as Trojan Horse. 

Fortunately, JustSystems has released a patch for the vulnerability exploited by the cybercriminals, so users are advised to update their installations as soon as possible.
Files used to exploit the Ichitaro vulnerability
   Files used to exploit the Ichitaro vulnerability
MORE ON THIS TOPIC
LATEST NEWS
HOT RIGHT NOW

Comments