Results 1 to 3 of 3

Thread: Trend Micro Medium Risk Virus Alert - WORM_FBOUND.B

  1. #1
    Senior Member
    Join Date
    Nov 2001
    Trend Micro Medium Risk Virus Alert - WORM_FBOUND.B

    Dear Trend Micro Customer:

    WORM_FBOUND.B is currently spreading in-the-wild. This mass-mailing worm sends itself to all email addresses listed in the infected user's Windows Address Book (WAB). It arrives in an email with a subject line randomly chosen from a group of 17 Japanese language phrases, if the email address of the target recipient ends with .jp.

    The details of the email it arrives with may be as follows:

    Subject: Important <or random Japanese phrase>
    Message Body: <blank>
    Attachment: PATCH.EXE

    WORM_FBOUND.B is detected by pattern file #241.

    For more information on WORM_FBOUND.B please visit our Web site at:

  2. #2
    Senior Member
    Join Date
    Dec 2001
    Thanks for the warning micael, I'll keep an eye out if it happens to find a way in my inbox.

    \"Do you know what people are most afraid of?
    What they don\'t understand.
    When we don\'t understand, we turn to our assumptions.\"
    -- William Forrester

  3. #3
    Senior Member
    Join Date
    Nov 2001
    Info from McAfee AVERT (NAI) .

    Source: McAfee security.
    Name: W32/Fbound.c@MM Status: Medium On Watch
    Info from VirusEye (Messagelabs).


    There is a new virus in circulation with the key details as follows:

    The essential details are as follows:
    · Virus name: W32-Fbound.C-mm
    · Official name: Fbound.C-mm
    · Number of copies seen so far: 2513+
    · Time & Date first Captured: 14/03/2001, 2.55am GMT by MessageLabs
    · Origin of first intercepted copy: Japan
    · Number of countries seen active: 36
    · Top three most active countries: Japan, Hong Kong, Taiwan

    Key messages relating to the virus outbreak

    · This is the first major outbreak this year.
    · Currently the number stopped is rising, but due to it being non-polymorphic and that all the email says is “important” with no body text then the likelihood is that users will realise the threat and not open the attachment. There is nothing enticing the user to open the attachment.
    · The attachment is encoded in a single base 64 encoded line, several thousand characters long. This may cause problems for some mail gateway/AV combinations. The worm may also be truncated or corrupted by other mail gateways which cannot cope with lines of this length.
    · MessageLabs caught the virus on 14/03/2002 at 2.55am (GMT)

    Technical Details:

    · Subject title, attachment name and body text:

    Subject: Important (or random text if it is a PC with Japanese supported platforms)

    Text: (none)

    Attachment: patch.exe

    Virus Behaviour: Mass Mails only

    Payload: none

    For further information and up-to-date interception statistics please visit www.messagelabs.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts