New email worm selects native language for recipients

In what is believed to be the first of its kind, a new nondestructive computer worm has been found that apparently can email itself out in either English or Japanese, depending on the native language of the recipient.

          In what is believed to be the first of its kind, a new nondestructive computer worm has been found that apparently can email itself out in either English or Japanese, depending on the native language of the recipient.

          In an announcement yesterday, antivirus software and security company Central Command in Medina, Ohio, said the multilingual Internet worm, called W32/Fbound.C, is spreading rapidly around the globe by infecting address books in Microsoft Outlook and automatically sending itself out to all email addresses it finds.

          It's a typical worm in that it replicates in Outlook and sends itself out but is unique in being able to determine if an address it finds uses the .jp top-level domain name for Japan, says Steven Sundermeier, product manager at Central Command. "It's actually language aware," he says. "It is something kind of new."

          Users of other email applications aren't affected by this worm, he says.

          The message sent to unknowing recipients includes a subject heading that says "Important" in English or in one of 16 messages in Japanese, according to Central Command's posting. Also included is a file attachment called patch.exe. If executed by the recipient, the worm launches the emails to the Outlook address book entries but doesn't make file or Windows registry changes. No malicious payload is dumped into a user's computer.

          "To an unknowing English-speaking user, the attachment appeared as another security patch," Sundermeier says. The potential problem, though, is that the worm could be modified by another attacker and transformed into a destructive worm.

          Since being introduced yesterday, the worm has spread around the globe, causing thousands of infections so far, Sundermeier says. "If something this ordinary and plain can be so prolific, with a little 'social engineering,' it could go a long way" to cause problems, he says.

          Antivirus updates to protect against the worm have been posted by several software vendors, including Central Command and McAfee.

Join the newsletter!

Error: Please check your email address.

Tags worm

More about McAfee AustraliaMicrosoft

Show Comments

Market Place

[]