Another exploit targeting a Japanese application is found today. This time, a free decompress tool, LHAZ v1.33, was used in a targeted attack. Maliciously crafted zip files could take advantage of an unidentified vulnerability in this tool and drops a BackDoor-CKB trojan.
Two months ago, we’ve published information about an exploit against a free LHA decompress tool, Lhaca which is quite popular in Japan.
Whilst these tools may not be as widely used as commercial tools, perception could be that such free tools are not worth targeting and are safe to use. Exploit-LHAZ.a is just a reminder that software, Windows or MacOS, English or localized, free, open source or commercial, are subjected to the same security threats.
More details of Exploit-LHAZ.a at http://vil.nai.com/vil/content/v_142976.htm.