TROJ_TARODROP.AB
Overview

Malware type: Trojan

Aliases: Trojan-Dropper.Ichitaro.Tarodrop.i (Kaspersky), Exploit-TaroDrop.d (McAfee), Trojan.Tarodrop.F (Symantec), TR/Drop.Ichitaro.Tarodrop.I.1 (Avira)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential:

High

Distribution potential:

Low

Description: 

To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.

TROJ_TARODROP.AB Behavior Diagram

Malware Overview

This Trojan is a document file for Ichitaro, a popular word processing application in Japan produced by JustSystem. It uses the .JTD file extension.

It exploits a known vulnerability in Ichitaro to execute shellcode that drops and executes an embedded .EXE file, detected by Trend Micro as BKDR_AGENT.AIAJ. As a result, the routines of the embedded backdoor are also exhibited on the affected system.

More information about the said vulnerability can be found on the following Web page:

For additional information about this threat, see:
Solution
Technical Details

Description created: Dec. 13, 2007 7:40:52 PM GMT -0800
