RootsWeb.com Mailing Lists
    1. [MIMECOST] Beware!!
    2. Lucky
    3. A fast-spreading e-mail worm, possibly from Japan, is encircling the globe and flooding e-mail servers with excessive messages. Fbound (w32.fbound.c@mm, also known as Zircon.C, DotJayPee, Fbound.b) is 12,288 bytes in length, and, unlike other recent worms, does not install itself on the infected machine but instead runs from memory. Mac and Linux users are not affected. Fbound is capable of sending large amounts of e-mail but does not damage or delete files on the infected computer. Because of the increasing reports of this worm around the world, Fbound currently ranks a 6 on the ZDNet Virus Meter.

How it works

Fbound arrives by e-mail with the subject line "Important." If the recipient's computer language is set to Japanese or if the recipient's e-mail address ends with .jp, the subject line is chosen from 16 Japanese-language subject lines contained within the worm. There is no body text associated with this worm. The attached file is named patch.exe.

If the attached file is opened, Fbound locates the infected user's SMTP server and e-mail address. Then the virus loads itself into memory and sends copies of itself to addresses found in the Windows Address Book. Unlike many worms, Fbound doesn't install itself on an infected computer, nor does it add or change any registry files. Once the worm has been run, it will not run again.

Because Fbound encodes all of its code into one line and does not comply with SMTP encoding, it may sometimes bounce e-mails it sends or arrive as a noninfectious e-mail. Code within Fbound contains the following message: "I-Worm.Japanize."

Prevention

Users of Microsoft Outlook 2002 and users of Outlook 2000 who have installed the Security Update should be safe from the attached EXE file in Fbound. Users who have not upgraded to Outlook 2002 or who have not installed the Security Update for Outlook 2000 should do so.

In general, do not open e-mail attachments without first saving them to hard disk and scanning them with updated antivirus software. Contact your antivirus vendor to obtain the most current antivirus signature files that include Fbound.

Removal

Almost all of the antivirus software companies have updated their signature files to include this worm. This will stop the infection upon contact and in some cases will remove an active infection from your system. For more information, see Central Command, Computer Associates, F-Secure, Kaspersky (known here as Ziron.c), McAfee, Norman, Panda, Sophos, Symantec (known as Dotjaypee), and Trend Micro (known here as Fbound.b).

    03/15/2002 01:52:37
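
The message traits described in the post above (subject, empty body, patch.exe, 12,288 bytes, code encoded as one line) can be checked on a mail gateway. The following is an added example, not part of the original post or of any vendor's signature; the function names and the sample message are constructed, and reading "one line" as a base64 line longer than the 76 characters RFC 2045 allows is an assumption.

```python
import base64
import email

# Traits stated in the advisory text; the 16 Japanese subject lines are not
# listed on the page, so only the English subject is checked.
SUBJECT = "important"
ATTACHMENT = "patch.exe"
SIZE = 12288
MAX_B64_LINE = 76  # RFC 2045 limit for one line of base64 text


def fbound_indicators(raw: bytes) -> list:
    """Return the names of the advisory's traits that this message shows."""
    msg = email.message_from_bytes(raw)
    hits, body = [], ""
    if str(msg.get("Subject") or "").strip().lower() == SUBJECT:
        hits.append("subject")
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = (part.get_filename() or "").lower()
        if not name:  # not an attachment: collect any text for the body check
            if part.get_content_maintype() == "text":
                body += (part.get_payload(decode=True) or b"").decode("latin-1")
            continue
        if name == ATTACHMENT:
            hits.append("attachment-name")
        if len(part.get_payload(decode=True) or b"") == SIZE:
            hits.append("attachment-size")
        cte = str(part.get("Content-Transfer-Encoding") or "").strip().lower()
        lines = part.get_payload().splitlines()
        if cte == "base64" and any(len(l) > MAX_B64_LINE for l in lines):
            hits.append("base64-line-length")  # assumed meaning of "one line"
    if not body.strip():
        hits.append("no-body-text")
    return hits


def constructed_sample(one_line: bool) -> bytes:
    """Constructed test message: inert zero bytes stand in for the attachment."""
    b64 = base64.b64encode(b"\0" * SIZE).decode()
    if not one_line:
        b64 = "\r\n".join(b64[i:i + 76] for i in range(0, len(b64), 76))
    return ("Subject: Important\r\nMIME-Version: 1.0\r\n"
            'Content-Type: application/octet-stream; name="patch.exe"\r\n'
            'Content-Disposition: attachment; filename="patch.exe"\r\n'
            "Content-Transfer-Encoding: base64\r\n\r\n" + b64 + "\r\n").encode()
```

Any single trait is weak on its own (many legitimate messages are titled "Important"), so treat the returned list as a score and quarantine only when several traits coincide.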