Malware type: Trojan

Aliases: Trojan-Dropper.Ichitaro.Tarodrop.e (Kaspersky), Exploit-TaroDrop (McAfee), Trojan.Tarodrop (Symantec), BDS/Papi.A (Avira), Troj/Tarodrop-A (Sophos), TrojanDropper:Win32/Controlwrd (Microsoft)

In the wild: Yes

Destructive: No

Language: Japanese

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Description: 

To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.

Malware Overview

This Trojan is a document file of Ichitaro, a popular word processing application in Japan produced by Justsystem. It arrives as a file dropped by another malware. Note that its extension name is JTD.

It drops and executes an embedded .EXE file, detected by Trend Micro as TSPY_PAPI.A. The information-stealing routine of this dropped spyware are then exhibited on the affected system.

After this Trojan runs the abovementioned spyware, it replaces its executed copy with a non-malicious .JTD file with the same file name. The said action is done so as to prevent the affected user from suspecting its malicious routine.

For additional information about this threat, see:
Solution
Technical Details

Description created: Aug. 16, 2006 11:11:36 PM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.