Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Japanese Worm Spreading In The Wild - Sophos Issues Protection

Japanese Worm Spreading In The Wild - Sophos Issues Protection

by Nikola Strahija on March 15th, 2002 Sophos, a world leader in corporate anti-virus protection, is warning users to be wary of the new Bound worm (also known as W32/FBound-C) currently spreading in the wild. Sophos has received several reports of this worm from users, many of the early sightings coming from Asia.


The internet worm arrives as an email with the subject line 'Important' and has an attached file called 'Patch.exe'. Once activated, the worm will forward itself to everyone in the victim's email address book using its own SMTP routines.

When sending itself to an email address ending in .jp, the worm will use one of sixteen different subject lines - written in Japanese characters. This is a deliberate attempt to strike users in Japan as well as the English-speaking world.

"By pretending to be a security patch, this worm uses a tried and tested psychological trick to spread itself," said Graham Cluley, senior technology consultant at Sophos Anti-Virus. "The Bound worm is multilingual - unlike many viruses it can switch languages depending on who it is being sent to. This gives it the ability to cross international boundaries without creating suspicion."

For more information on W32/FBound-C and to download protection from Sophos Anti-Virus please visit:
http://www.sophos.com/virusinfo/analyses/w32fboundc.html

Sophos is continuing to analyse W32/FBound-C and will post more information on its website as it becomes available.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »