The backdoor penetration is carried out using a malicious JTD file that carries a Trojan Dropper named 'Ichitaro.Tarodrop.a'. The Trojan Dropper exploits a Unicode Stack Overflow Vulnerability in the text editing software to execute its code on the system and to extract a backdoor named 'Win32.Papi.a'.
Once activated, Win32.Papi.a installs itself in the system registry, starts a service named CAPAPI, and drops its main DLL file, which is then injected into the running processes of the compromised computer. It establishes a connection with the remote server on port 8080 and listens for commands from the remote attacker.
The backdoor can harvest system information, stop and start processes, take screenshots of the desktop and send them to the attacker, download files from the net and execute them, capture network user information, log off the current user, search disks for files, create and move directories, and restart the victim's machine. Using Win32.Papi, the attacker takes over the targeted machine completely to conduct a range of online criminal activities.
"It's not the first time text editors are used in smuggling malware into user computers. In May, we had reported about 'Win32.Gusi' that was spread via a specially created Word file that exploited a security flaw in Microsoft Word, which incidentally was reported the first time in Japan with the attacker possibly sitting in China," says Sunil Kripalani, Vice President, Global Sales and Marketing, MicroWorld Technologies.
MicroWorld has developed the World's most advanced Security Solutions, eScan and MailScan, that consistently maintain the fastest malware detection and prevention rate. Combining the superior AntiVirus System with its unique MWL technology, MicroWorld protects users from a range of zero-day threats of this nature.
The CEO of MicroWorld Technologies, Govind Rammurthy, gives a broader view on the issue: "Trojans and Backdoors that exploit vulnerabilities in system and application software can spread quite fast and deliver their payload without much of user intervention. They are like camouflaged infiltrators who sneak into your homeland and expand their deadly mission under the cover of darkness. And this particular case goes well to underline what we have been advocating all along, that users need to update timely security patches not just for their Operating Systems, but for application software programs as well."
MicroWorld

MicroWorld (www.mwti.net) is the developer of the world's first Real-Time Anti-Virus and Content Security software eScan for desktops and servers. Its communication security software, MailScan, is the first comprehensive e-mail scanner for your SMTP/POP3 Mail Server. MicroWorld Winsock Layer (MWL) is the revolutionary technology underlying these products, powering them to several certifications and awards by some of the most prestigious testing bodies, notable among them being Virus Bulletin, Checkmark, TUCOWS, Red Hat Ready, and Novell Ready. Combining their powerful scanner with MWL technology, MicroWorld solutions provide a Real-Time Proactive security for your systems. For network security of enterprises, eConceal Firewall is the latest powerful offering from MicroWorld.
For more information write to manish@mwti.net
