Last time we blogged about Ichitaro, it was during the cherry blossom season in Japan earlier this year. The season for autumn leaves is on the way as is a patch for a new Ichitaro vulnerability. Earlier today, JustSystems announced that its Ichitaro software has a vulnerability and instructed users to patch it with the latest update module available. At Symantec we have confirmed that there is malware in the wild exploiting this vulnerability. Symantec security software detects this malware as Trojan.Taradrop.K. It was previously detected as Trojan.Tarodrop.
The attack so far has been limited, but we recommend that Ichitaro users apply the update module as soon as possible. Affected systems include versions 2004 through to 2010.