Japanese Text Editor Reports Flaw

Text files can be safely downloaded from the Internet or can be received via e-mails without causing any harm. They do not create much virus infection.

Recently Ichitaro, a Japanese text editor program has been found to have a flaw that is vulnerable to infected JTD files. Security experts at 'Microworld Technologies' informed that it spread a hidden backdoor thus landing with attacks on targeted computers Japan.

The Japanese software firm, JustSystems generated Ichitaro , which is a program written in word . Japan's central as well as local governments, and educational institutions have been widely using it. anti-virus vendor Symantec has warned that attackers are exploiting the undocumented vulnerability in Ichitaro.

A malevolent JTD file that supports a 'Trojan Dropper' named 'Ichitaro.Tarodrop.a' helps to carry out the backdoor penetration. The Trojan Dropper exploits Ichitaro's 'Unicode Stack Overflow' vulnerability and executes its code on the computer to create a backdoor named 'Win32.Papi.a'. The 'Infostealer.Papi' Trojan is installed on the system by 'Tarodrop', which penetrates through the text editing flaws in the software. The Trojan replicates in the system's own directory and designs a service called CAPAPI leaving an additional DLL file, which in turn performs the malevolent function.

The DLL file subsequently generates a copy that injects itself into every running program where it gathers system information to transmit it all to the Trojan's authors at 'pop.lovenickel.com'. The backdoor Trojan does many things, that include collecting system information, stopping and starting programs, taking screenshots of the desktop and sending them to the hacker, downloading and installing files from the Internet, seizing network user information, logging off from the user, searching disks for data files, creating and shifting directories and restarting the user's machine. The attacker uses the Win32.Papi to capture the targeted machine totally and then conducts a series of online frauds.

Exploiting the flaw could result in a buffer overflow and execution of the code. Justsystems has made a patch for the flaw in Ichitaro. It fixes vulnerabilities in Ichitaro 9.x through 13.x and Ichitaro 2004 through 2006. Security researcher, Secunia has rated the flaw highly critical. It has posted an advisory on Monday saying that soon there would be a patch for the Linux version.

Related article: Japanese PCs Found Involved in Cyber-Attack against SK

» SPAMfighter News - 8/29/2006