Summary
Summary
Action- More Information
| Included in our products from | May 2002 (3.57) |
|---|---|
| Detected by | All Sophos products |
Action
- Summary
- Action
- More Information
Please read the instructions for removing worms.
More Information
W32/FBound-C is an internet worm which sends itself to everyone in the user's address book, using its own SMTP routines.
The worm arrives in an email which will have the following characteristics:
Subject line: Important
Attached file: Patch.exe
The message body of the email will be blank.
Please note: When the worm sends itself to an email address ending in .jp (signifying Japan) the worm will use one of 16 different subject lines using Japanese characters. The Japanese versions of the subject lines translate as:
- Re: matter in question
- Re: important
- Re: long time no see
- Re: top secret
- Re: Hello
- Re: important notice
- Re: materials
- matter in question
- important
- long time no see
- top secret
- Hello
- important notice
- materials
- frog
- shit
The worm does not have a destructive payload, does not change any Registry keys and does not drop any files.
Infected files are 12228 bytes in length. However, because there is a bug in the worm which means that because it does not comply with SMTP encoding standards it may sometimes bounce when it emails itself or may arrive in a non-working truncated form.
|
