-The Fbound worm requires people to open an executable file, and people just don't do that anymore unless they're absolutely certain what the file is," said John Donavon, managing director of Symantec.
-It's not carrying a payload that we can discern, and it's not setting up a backdoor that we can discern," said Donovan. -The only damage it can do is via the self-replication, which can create denial of service attacks, but that's unlikely to happen with this one."
Fbound can recognise the top-level national domain and adjust its language accordingly, using either Japanese or English. The subject line in English is simply -Important", while the Japanese version uses one of 17 randomly chosen Japanese-text messages. The body of the e-mail is empty.
The worm uses the infected SMTP server to send itself to all addresses in the Windows Address Book, and then deletes itself. Fbound is also referred to as W32.impo.gen@mm and was previously known as W32.dotjaypee@mm.
Symantec reports that between 50-1,000 of its users have been infected globally, mostly concentrated in Japan, with -a handful" of Australians affected. Other reports cite an e-mail service provider capturing 3,500 copies of the worm from inbound e-mail in 24 hours, placing Fbound at the top of the list for malicious code.
It is widely accepted that because the worm does not actually store itself anywhere, it is unlikely to last too long.
Some one or thing has been trying to send me
W32.Klez.gen@mm worm or what ever it is. Is has the email address stargazer29@start.com.au , but the email comes from somewhere else. I have sent the person on the return path a warning, but still it keeps getting sent. I have even had some sent back to me with my name where is says From:
But I never sent it.
It has been sent about 10 times or more