FRISK Software International

Summary of W32/FBound.C@mm
Length: approx 12KB
Discovered: 14 Mar 2002
Definition files: 14 Mar 2002
Risk Level: Low
Infection Method: Mass mailing.
Jump to:
Brief description
Technical description

Brief Description

When executed the worm extracts the SMTP information and the userís email address from the registry. Then it goes through the Windows address book and sends itself to the email addresses it finds.

Technical Description
The worm sends an email with an attachment called patch.exe, the body is empty.
If the email address contains ".jp" then it selects one of 16 possible subject lines else it uses the subject "Important". The worm encodes the message in such a way that it violates RFC Base64 encoding rules.
The code body includes this text:

XXXXX I-Worm.Japanize XXXXX

When the sending process is over the worm terminates and won't run again unless the user executes it again. It does not change any registry settings nor adds a run line to a startup file.

FRISK Software International's Viruslab Team

Stay up to date with important developments via e-mail.
Stay up to date with life cycle policies for F-PROT Antivirus for Windows.
Virus news and information directly to your desktop.
Definitions of common antivirus terminology.
For further virus information, please try our partners' websites:


perComp Verlag
(in German)