Symantec Blogs: Security Response

John Canavan | August 15th, 2006

In recent months, we have seen a number of zero-day Microsoft Office exploits used to drop Trojan horses on affected systems. The release of the exploits had been timed so that when Microsoft released their patches, a zero-day exploit surfaced the next day. The timing of these releases was noted by Symantec Security Response and it was speculated that the people behind these exploits had discovered multiple vulnerabilities in Microsoft Office and were holding back on releasing them, in order to maximize the time-to-patch for each of their finds.

Today, we have seen another targeted attack on a document editing suite; however, this time around it is Justsystem's Ichitaro. Ichitaro is a word processing program widely used in Japan.

The malicious document uses a Unicode stack overflow to execute its code on the system, dropping and executing a Trojan horse named Backdoor.Papi. When run, Backdoor.Papi copies itself to the %system% directory, creates a service named CAPAPI, and drops...

John Canavan | May 10th, 2006

With a landmark of six million concurrent online users set last month, Skype’s active user base is growing quickly. With many worms now targeting other IM platforms, it looks to be only a matter of time before Skype becomes targeted as an infection vector. The presence of functionally strong features in the Skype API makes it a prime target for malicious code.

Towards the end of last year, Skype introduced a programming API with the intention of fostering a growing development community. Applications providing useful add-ons to Skype functionality and many hardware interfaces had been springing up over the previous months. Hoping to make development for these programmers less painful, introduce new add-ons to the product, and ultimately increase their market share in the face of the threats from Google Talk and Yahoo IM talk services, the Skype API was launched to capitalize on developer interest.

The Skype API allowed for stand-alone applications...