14 Mar 2002
Japanese speaking worm spreading in the wild - Sophos issues protection
Sophos, a world leader in corporate anti-virus protection, is
warning users to be wary of the new Bound worm (also known as
W32/FBound-C) currently spreading in the wild. Sophos has received
several reports of this worm from users, many of the early
sightings coming from Asia.
The internet worm arrives as an email with the subject line
'Important' and has an attached file called 'Patch.exe'. Once
activated, the worm forwards itself to everyone in the victim's
email address book using its own SMTP routines.
When sending itself to an email address ending in .jp, the worm
uses one of sixteen different subject lines - written in Japanese
characters. This is a deliberate attempt to strike users in Japan
as well as the English speaking world.
"By pretending to be a security patch, this worm uses a tried
and tested psychological trick to spread itself," said Graham
Cluley, senior technology consultant at Sophos Anti-Virus. "The
Bound worm is multilingual - unlike many viruses it can switch
languages depending on who it is being sent to. This gives it the
ability to cross international boundaries without creating
suspicion."
About Sophos
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.