One e-mail service provider has captured more than 3,500 copies of the worm from inbound e-mail in the past 24 hours, placing Fbound at the top of its list of malicious code.
But security experts said the worm only spreads through e-mail and doesn't do any real damage to computers. Nor does it actually infect the systems, they said.
"This is a pure worm; it's not a virus," said Ryan McGee, product marketing manager with security-software maker Network Associates' McAfee division. "It doesn't actually do anything to the system that hosts it."
The worm arrives as an attachment "Patch.exe" in an e-mail with the subject "Important" or one of several Japanese-language subjects. The body of the message is empty.
When opened, the worm uses the Windows Address Book, the same list of addresses used by Outlook, to send copies of itself to others on the Internet. Then it deletes itself.
MessageLabs' antivirus measures captured more than 3,500 copies of Fbound from inbound e-mail in 24 hours, putting it at the top of its malicious-code list. The No. 2 virus, SirCam, had previously topped the list for several months since it began last August.
Despite the number of captured copies, McGee doesn't believe the worm will last much longer, because it doesn't actually store itself anywhere.
"It is fairly uncommon for a pure worm to be created and to exist for more than a couple of hours, because there is not residual memory of it that can be stored," McGee said.
MessageLabs agreed. "This is not going to be a huge deal," said John Harrington, U.S. marketing director for the Gloucester, U.K., company. "All it has is a little mass-mailing component."
The worm started spreading late last night, Harrington said, but by this morning, the rate of infections had already started dropping off.