Localized 0-day Once Again: Exploit-TaroDrop.e
Tuesday August 26, 2008 at 7:44 am CST
Posted by Shinsuke Honjo, Geok Meng Ong
One of the issues that we've been highlighting in our recent conference presentations and blogs has been the emergence of major localized threats around Asia. McAfee Avert Labs discovered yet another unidentified vulnerability in the Japanese word processor, Ichitaro, last Friday.
This Japanese application has been known to be under targeted attack for several years, and a few 0-day vulnerabilities were discovered and exploited in the past. Besides Ichitaro, other popular localized applications are often targeted by 0-day exploits. We also frequently observe exploits targeting vulnerabilities even months after the vendor has patched them.
Users should continue to stay vigilant for suspicious email attachments and should not open unknown files. Please be sure to update your applications, whether they are popular or not, with the latest security patches to protect yourself and your organization from known attacks.
These newly crafted malicious documents are detected as the Exploit-TaroDrop.e trojan, and the payload as the BackDoor-DRZ trojan, in the 5368 DATs.
The vendor has acknowledged the vulnerability and will be posting a patch.

September 17th, 2008 at 2:26 pm
[…] McAfee(r) Avert(r) Labs releases a public advisory on the research blog. […]
December 9th, 2008 at 8:41 am
[…] We have lost count of how many blogs we have written this year that have anything to do with zero-day threats or unpatched […]