

micael
March 14th, 2002, 07:55 AM
Trend Micro Medium Risk Virus Alert - WORM_FBOUND.B

Dear Trend Micro Customer:

WORM_FBOUND.B is currently spreading in-the-wild. This mass-mailing worm sends itself to all email addresses listed in the infected user's Windows Address Book (WAB). It arrives in an email with a subject line randomly chosen from a group of 17 Japanese language phrases, if the email address of the target recipient ends with .jp.

The details of the email it arrives with may be as follows:

Subject: Important <or random Japanese phrase>
Message Body: <blank>
Attachment: PATCH.EXE

WORM_FBOUND.B is detected by pattern file #241.

For more information on WORM_FBOUND.B please visit our Web site at:
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=WORM_FBOUND.B

hot_ice
March 14th, 2002, 08:06 AM
Thanks for the warning micael, I'll keep an eye out if it happens to find a way in my inbox.

Greg

micael
March 14th, 2002, 08:07 AM
Info from McAfee AVERT (NAI).

Source: McAfee security. (http://vil.nai.com/vil/content/v_99386.htm)
Name: W32/Fbound.c@MM Status: Medium On Watch


Info from VirusEye (Messagelabs).


VIRUS ALERT

There is a new virus in circulation with the key details as follows:

The essential details are as follows:
· Virus name: W32-Fbound.C-mm
· Official name: Fbound.C-mm
· Number of copies seen so far: 2513+
· Time & Date first Captured: 14/03/2001, 2.55am GMT by MessageLabs
· Origin of first intercepted copy: Japan
· Number of countries seen active: 36
· Top three most active countries: Japan, Hong Kong, Taiwan

Key messages relating to the virus outbreak

· This is the first major outbreak this year.
· Currently the number stopped is rising, but because it is non-polymorphic and all the email says is “important” with no body text, the likelihood is that users will realise the threat and not open the attachment. There is nothing enticing the user to open the attachment.
· The attachment is encoded in a single base64-encoded line, several thousand characters long. This may cause problems for some mail gateway/AV combinations. The worm may also be truncated or corrupted by other mail gateways which cannot cope with lines of this length.
· MessageLabs caught the virus on 14/03/2002 at 2.55am (GMT)

Technical Details:

· Subject title, attachment name and body text:

Subject: Important (or random text if it is a PC with Japanese supported platforms)

Text: (none)

Attachment: patch.exe

Virus Behaviour: Mass Mails only

Payload: none

For further information and up-to-date interception statistics please visit www.messagelabs.com
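
The MessageLabs note about the attachment arriving as one very long base64 line suggests a gateway-side check. The following is an added example, not part of the original posts or the vendors' alerts: it flags base64 MIME parts whose encoded lines exceed the 76-character limit set by RFC 2045, so such mail can be quarantined instead of being truncated or passed unscanned. The function names and the sample message are constructed for illustration; the sample attachment is 3000 zero bytes.

```python
import base64
from email import message_from_bytes

RFC2045_MAX_LINE = 76  # RFC 2045: base64 body lines must not exceed 76 characters


def overlong_base64_parts(raw: bytes):
    """Return [(filename, longest_line_length)] for base64 parts over the limit."""
    findings = []
    for part in message_from_bytes(raw).walk():
        if part.is_multipart():
            continue
        cte = (part.get("Content-Transfer-Encoding") or "").strip().lower()
        if cte != "base64":
            continue
        # Inspect the still-encoded payload: the line length is the signal,
        # so the part is deliberately not decoded here.
        payload = part.get_payload(decode=False)
        longest = max((len(line) for line in payload.splitlines()), default=0)
        if longest > RFC2045_MAX_LINE:
            findings.append((part.get_filename() or "<unnamed>", longest))
    return findings


def build_sample(single_line: bool) -> bytes:
    """Constructed test message; the attachment is filler bytes, not a real file."""
    b64 = base64.b64encode(b"\x00" * 3000).decode()  # 4000 encoded characters
    if not single_line:
        # Conformant encoders wrap the body at 76 characters per line.
        b64 = "\r\n".join(b64[i:i + 76] for i in range(0, len(b64), 76))
    return (
        "Subject: Important\r\n"
        "MIME-Version: 1.0\r\n"
        'Content-Type: multipart/mixed; boundary="b"\r\n'
        "\r\n"
        "--b\r\n"
        'Content-Type: application/octet-stream; name="patch.exe"\r\n'
        "Content-Transfer-Encoding: base64\r\n"
        'Content-Disposition: attachment; filename="patch.exe"\r\n'
        "\r\n" + b64 + "\r\n"
        "--b--\r\n"
    ).encode("ascii")


if __name__ == "__main__":
    for label, single in (("single-line", True), ("wrapped", False)):
        print(label, overlong_base64_parts(build_sample(single)))
```

A non-empty result means the message should be held for inspection; the check runs on the encoded text, so it still works when the downstream scanner cannot decode the part.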