The Trojan may arrive as a malicious email attachment.
When the Trojan is executed, it exploits a zero-day vulnerability (CVE-2013-3644) in JustSystems' Ichitaro.
Next, the Trojan may drop the following clean Ichitaro file:
The Trojan may then drop and execute the following file:
Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":