A new worm thought to originate in Japan is unlikely to do much damage in Australia because people are becoming more cautious about opening executable files, according to antivirus experts.
"The Fbound worm requires people to open an executable file, and people just don't do that anymore unless they're absolutely certain what the file is," said John Donovan, managing director of Symantec.
"It's not carrying a payload that we can discern, and it's not setting up a backdoor that we can discern," said Donovan. "The only damage it can do is via the self-replication, which can create denial of service attacks, but that's unlikely to happen with this one."
Fbound can recognise the top-level national domain and adjust its language accordingly, using either Japanese or English. The subject line in English is simply "Important", while the Japanese version uses one of 17 randomly chosen Japanese-text messages. The body of the e-mail is empty.
The worm uses the infected SMTP server to send itself to all addresses in the Windows Address Book, and then deletes itself. Fbound is also referred to as W32.impo.gen@mm and was previously known as W32.dotjaypee@mm.
Symantec reports that between 50 and 1,000 of its users have been infected globally, mostly concentrated in Japan, with "a handful" of Australians affected. Other reports cite an e-mail service provider capturing 3,500 copies of the worm from inbound e-mail in 24 hours, placing Fbound at the top of the list for malicious code.
It is widely accepted that because the worm does not actually store itself anywhere, it is unlikely to last too long.