If a virus uses a language other than English, it is most often Chinese, German, Spanish, Portuguese or Russian, and sometimes Indonesian/Malay, Japanese or Thai. It is rare to find an Arabic-aware virus. At least we've thought so until now.

In the current trend where a worm that spreads through removable media is easily created and many types of Trojan horses such as Infostealer and Downloader are armored with worm capability, this beginner's worm has started to be developed in every corner of the world. Such a worm just spreads and does not get much attention from virus analysts, so we often give it a trivial name such as W32.SillyFDC.

W32.Alnuh, discovered on June 1, is a kind of W32.SillyFDC, as all it does is spread and then terminate some programs to protect itself. What is new is that it checks for some Arabic window titles to close as well as English ones. W32.Alnuh shows an English message "Please try to open - TaskManager - now" at the beginning. If you run Task Manager on English or Arabic Windows, Task Manager will be promptly terminated. W32.Alnuh closes Windows Task Manager, Registry Editor, Command Prompt and the Folder Options of Windows Explorer. These character strings are both in English and Arabic. The existence of English text made it easier to guess what was intended.

W32.Alnuh looks like just an experiment by the author. After they have done their "homework", they might step to the next stage to make a more complicated virus. There might be more Arabic-aware viruses in the wild than we think, simply because many of us do not notice Arabic words. But we are seeing more Arabic-aware viruses than a year ago. Before it becomes a surge, like the case of Chinese viruses, both security vendors and computer users in Arabic-speaking countries should prepare themselves.