Sophos, a world leader in corporate anti-virus protection, is warning users to be wary of the new Bound worm (also known as W32/FBound-C) currently spreading in the wild. Sophos has received several reports of this worm from users, many of the early sightings coming from Asia.
The internet worm arrives as an email with the subject line ‘Important’ and has an attached file called ‘Patch.exe’. Once activated, the worm will forward itself to everyone in the victim’s email address book using its own SMTP routines.
When sending itself to an email address ending in .jp, the worm will use one of sixteen different subject lines – written in Japanese characters. This is a deliberate attempt to strike users in Japan as well as the English-speaking world.
“By pretending to be a security patch, this worm uses a tried and tested psychological trick to spread itself,” said Graham Cluley, senior technology consultant at Sophos Anti-Virus. “The Bound worm is multilingual – unlike many viruses it can switch languages depending on who it is being sent to. This gives it the ability to cross international boundaries without creating suspicion.”
For more information on W32/FBound-C, and to download protection from Sophos Anti-Virus, please visit:
Sophos is continuing to analyse W32/FBound-C and will post more information on its website as it becomes available.
Graham Cluley is available for comment.