McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
Create Account | Login  | What is TrustedSource?
 
Home  Threats and Trends  McAfee Research Blog
TrustedSource™ Query
Enter IP address, domain name or URL to check reputation/traffic patterns:
Search
 

McAfee Research Blog

Malware Again Attacks Ichitaro Word Processor

March 16th, 2009

For years, the Japanese word processor Ichitaro has been attacked by malware authors exploiting flaws in the application. So it is no surprise that in the last week we discovered in the wild specially crafted Ichitaro document files exploiting a new vulnerability.

This time, the crafted file (detected as the Exploit-TaroDrop.g Trojan) drops and runs the Generic Dropper Trojan, which is responsible for dropping the BackDoor-DNW Trojan. The last attempts to connect “lightsut.com:80” and opens a backdoor to give attackers remote access to compromised machines. McAfee proactively detects Generic Dropper, which prevents users from being infected with BackDoor-DNW even with a non-patched copy of Ichitaro.

Detection alert of Japanese McAfee VirusScan Enterprise

The patch for this vulnerability has already been published by JustSystem. Ichitaro users should apply the update as soon as possible.

Back to McAfee Research Blog overview

McAfee Homepage | Contact | Privacy Policy

Copyright © 2007-2009 McAfee, Inc. All Rights Reserved.

ANY INFORMATION PROVIDED BY MCAFEE ON THIS BLOG ARE OFFERED "AS IS" WITH NO EXPRESS OR IMPLIED WARRANTIES, CLAIMS, PROMISES OR GUARANTEES ABOUT THE ACCURACY, COMPLETENESS, OR ADEQUACY OF THE INFORMATION CONTAINED IN OR LINKED TO AND NO RIGHTS ARE CONFERRED. BY USING THIS BLOG, YOU ASSUME ALL RISK FOR YOUR USE. IN NO EVENT WILL MCAFEE BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, INCIDENTAL, EXEMPLARY, OR OTHER DAMAGES WHETHER OR NOT MCAFEE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGE. MCAFEE HAS NO OBLIGATION TO POST BLOG SUBMISSIONS OR RESPONSES.