W32.FBound.gen@mm

Risk Level 2: Low

Printer Friendly Page

Discovered: March 14, 2002

Updated: February 13, 2007 11:38:32 AM

Also Known As: W32.Impo.gen@mm, W32.Dotjaypee@mm, Win32/Japanize.Worm [CA], I-Worm.Zircon.B [AVP], Win32.Fbound.C [CA], W32/Fbound.c@MM [McAfee], W32/FBound-C [Sophos], WORM_FBOUND.A [Trend]

Type: Worm

Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP

This is a mass-mailing worm that uses the infected computer's SMTP server to send itself to all addresses in the Windows address book. It contains no payload. The email arrives with an attachment named Patch.exe. For addresses ending in .jp (Japan), there are 17 Japanese language subjects, one of which is randomly chosen each time.

NOTE: Definitions dated prior to March 14, 2002 may detect this worm as W32.Dotjaypee@mm.

Protection

Initial Rapid Release version March 14, 2002
Latest Rapid Release version August 20, 2008 revision 017
Initial Daily Certified version March 14, 2002
Latest Daily Certified version January 20, 2009 revision 048
Initial Weekly Certified release date March 14, 2002

Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild

Wild Level: Low
Number of Infections: More than 1000
Number of Sites: More than 10
Geographical Distribution: Medium
Threat Containment: Easy
Removal: Easy

Damage

Damage Level: Low

Distribution

Distribution Level: High

Writeup By: Peter Ferrie

Technical Details

Search Threats

Search by name

_{Example: W32.Beagle.AG@mm}

Learn more about Zero-Day / Operation Aurora / Hydraq