Backdoor Sneaks into Computers through Japanese Text Editor

Detroit, MI, August 29, 2006 --( Text files are perceived to be rather safe and harmless to download from the Internet or emails and open in one’s computer without much fear about Virus infection. But not for the users of Japanese text editor program Ichitaro, which saves files with ‘.JTD’ extensions.

Security experts at MicroWorld Technologies inform infected JTD files are smartly employed in exploiting a recently found vulnerability in Ichitaro, in order to spread a covert backdoor named ‘Win32.Papi.a’, thus orchestrating targeted computer attacks in the land of rising sun. Justsystems, the makers of Ichitaro, has issued a patch for the flaw, downloadable at

The backdoor penetration is carried out using a malicious JTD file that backpacks a Trojan Dropper named ‘Ichitaro.Tarodrop.a’. The Trojan Dropper exploits a Unicode Stack Overflow Vulnerability in the text editing software to execute its code on the system and to extract a backdoor named ‘Win32.Papi.a’.

Once activated, Win32.Papi.a installs itself in the system registry, initiates a Service named CAPAPI, drops its main DLL file which is then injected into the running processes of the compromised computer. It establishes a connection with the remote Server on port 8080 and listens for commands from the remote attacker.

The backdoor can harvest system information, stop and start processes, take screenshots of the desktop and send them to the attacker, download files from the net and execute them, capture network user information, log off current user, search disks for files, create and move directories and restart the victim’s machine. Using Win32.Papi the attacker takes over the targeted machine completely to conduct a range of online criminal activities.

“It’s not the first time text editors are used in smuggling malware into user computers. In May, we had reported about ‘Win32.Gusi’ that was spread via a specially created Word file that exploited a security flaw in Microsoft Word, which incidentally was reported the first time in Japan with the attacker possibly sitting in China,” says Sunil Kripalani, Vice President, Global Sales and Marketing, MicroWorld Technologies.

MicroWorld has developed the World’s most advanced Security Solutions, eScan and MailScan, that consistently maintain the fastest malware detection and prevention rate. Combining the superior AntiVirus System with its unique MWL technology, MicroWorld protects users from a range of zero-day threats of this nature.

The CEO of MicroWorld Technologies, Govind Rammurthy, gives a broader view on the issue “Trojans and Backdoors that exploit vulnerabilities in system and application software can spread quiet fast and deliver their payload without much of user intervention. They are like camouflaged infiltrators who sneak into your homeland and expand their deadly mission under the cover of darkness. And this particular case goes well to underline what we have been advocating all along, that users need to update timely security patches not just for their Operating Systems, but for application software programs as well.”


MicroWorld ( ) is the developer of the world's first Real-Time Anti-Virus and Content Security software eScan for desktops and servers. Its communication security software, MailScan is the first comprehensive e-mail scanner for your SMTP/POP3 Mail Server. MicroWorld Winsock Layer (MWL) is the revolutionary technology underlying these products, powering them to several certifications and awards by some of the most prestigious testing bodies, notable among them being Virus Bulletin, Checkmark, TUCOWS, Red Hat Ready, and Novell Ready. Combining their powerful scanner with MWL technology, MicroWorld solutions provide a Real-Time Proactive security for your systems. For network security of enterprises, eConceal Firewall is the latest powerful offering from MicroWorld.

To learn more, kindly visit

MicroWorld Technologies, Inc
Faisal Khan