Video Screencast Help
Scheduled Maintenance: Symantec Connect is scheduled to be down Saturday, April 19 from 10am to 2pm Pacific Standard Time (GMT: 5pm to 9pm) for server migration and upgrades.
Please accept our apologies in advance for any inconvenience this might cause.

Targeted Attack Exploits Ichitaro Vulnerability

Created: 19 Jun 2013 02:48:45 GMT • Updated: 23 Jan 2014 18:06:21 GMT • Translations available: 日本語
Symantec Security Response's picture
+1 1 Vote
Login to vote

JustSystems, developer of the Japanese word processor software called Ichitaro, recently announced a vulnerability—Multiple Ichitaro Products CVE-2013-3644 Remote Code Execution Vulnerability (CVE-2013-3644)—that has been exploited by attackers in the wild. Symantec has seen the exploitation being used in targeted attacks since May, but it has been limited to users in Japan and the volume of attacks has been minimal.

The attacker can leverage this vulnerability by sending a specially crafted attachment as part of a spear phishing campaign. When a user opens the malicious Ichitaro document file, arbitrary code is executed causing malware to be dropped onto the computer. Symantec detects the malicious document files as Trojan.Tarodrop.M. Files dropped by the exploit depend on the specific attack but are generally detected as Trojans, such as Backdoor.Specfix.

We continue to monitor this threat to improve coverage and will provide any relevant updates when possible. Symantec strongly advises users to update their antivirus definitions regularly and ensure the latest Ichitaro patch is installed.