Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response

Targeted Attack Exploits Ichitaro Vulnerability

Created: 19 Jun 2013 02:48:45 GMT • Updated: 23 Jan 2014 18:06:21 GMT • Translations available: 日本語
Symantec Security Response's picture
+1 1 Vote
Login to vote

JustSystems, developer of the Japanese word processor software called Ichitaro, recently announced a vulnerability—Multiple Ichitaro Products CVE-2013-3644 Remote Code Execution Vulnerability (CVE-2013-3644)—that has been exploited by attackers in the wild. Symantec has seen the exploitation being used in targeted attacks since May, but it has been limited to users in Japan and the volume of attacks has been minimal.

The attacker can leverage this vulnerability by sending a specially crafted attachment as part of a spear phishing campaign. When a user opens the malicious Ichitaro document file, arbitrary code is executed causing malware to be dropped onto the computer. Symantec detects the malicious document files as Trojan.Tarodrop.M. Files dropped by the exploit depend on the specific attack but are generally detected as Trojans, such as Backdoor.Specfix.

We continue to monitor this threat to improve coverage and will provide any relevant updates when possible. Symantec strongly advises users to update their antivirus definitions regularly and ensure the latest Ichitaro patch is installed.