Japanese speaking worm spreading in the wild - Sophos issues protection

Sophos Press Release

Sophos, a world leader in corporate anti-virus protection, is warning users to be wary of the new Bound worm (also known as W32/FBound-C) currently spreading in the wild. Sophos has received several reports of this worm from users, many of the early sightings coming from Asia.

The internet worm arrives as an email with the subject line 'Important' and has an attached file called 'Patch.exe'. Once activated, the worm forwards itself to everyone in the victim's email address book using its own SMTP routines.

When sending itself to an email address ending in .jp, the worm uses one of sixteen different subject lines - written in Japanese characters. This is a deliberate attempt to strike users in Japan as well as the English speaking world.

"By pretending to be a security patch, this worm uses a tried and tested psychological trick to spread itself," said Graham Cluley, senior technology consultant at Sophos Anti-Virus. "The Bound worm is multilingual - unlike many viruses it can switch languages depending on who it is being sent to. This gives it the ability to cross international boundaries without creating suspicion."


More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at www.sophos.com/company.