Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response

New fiscal year in Japan, new zero-day in Justsystem's Ichitaro

Created: 07 Apr 2007 07:00:00 GMT • Updated: 23 Jan 2014 18:50:33 GMT
Joji Hamada's picture
0 0 Votes
Login to vote

In Japan, April is the first month of the fiscal year and is alsothe time of year when large numbers of high school and collegegraduates join the workforce. These new hires usually go though intensetraining in the first few months at their respective companies beforebeing assigned to their new posts. Well, these companies had betterplan to quickly take them through a crash course on security inaddition to the normal training, because there is new targeted attackthat takes advantage of a zero-day vulnerability in Justsytem'sIchitaro, the word processing program most widely used in Japan.

The attack – a specially crafted Justsystem Ichitaro document employing the zero-day exploit, which Symantec detects as Trojan.Tarodrop.C,allows a Trojan horse to be dropped onto the target computer. Thedropped Trojan horse then takes over and drops a downloader Trojan ontothe compromised computer which then attempts to download yet anothermalicious file from a remote server. As with many other targetedattacks, the goal of the malware is to spy on the target. Perhaps theattacker's tactic is to aim at the innocent new hires, or it might bethat the attack is just a signal to start off the new fiscal year.

You can view further details of the threat on the Trojan.Tarodrop.C writeup.

Since this vulnerability has yet to be patched, you should be extracareful when using Ichitaro and refrain from opening Ichitaro filesreceived from untrusted sources. Also remember to keep your securitysoftware up-to-date and follow safe computing practices.

Justsystem and the National Police Agency in Japan have alsopublished information (in Japanese) on this vulnerability. Please see: