Discovered: May 22, 2001
Updated: February 13, 2007 11:48:18 AM
Also Known As: I-Worm.Aliz [Kaspersky], W32/Aliz.A [Frisk], WORM_ALIZ.A [Trend], W32/Aliz-A [Sophos], W32/Aliz@MM [McAfee], Win32.Aliz [Computer Associate
Type: Worm
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
W32.Aliz.Worm is a very simple SMTP mass mailer worm. The worm is written in assembly and is additionally packed.
The worm currently only replicates on Win9X machines. It doesn't seem to propagate on NT platform. The worm propagates by obtaining email addresses from the Windows Address Book and sending itself to those addresses.
When the worm arrives by email, the worm uses a MIME exploit allowing the virus to be executed just by reading or previewing the file. Information and a patch for this exploit can be found at
http://www.microsoft.com/technet/security/bulletin/MS01-020.aspProtection
-
Initial Rapid Release version May 22, 2001
-
Latest Rapid Release version February 13, 2008 revision 035
-
Initial Daily Certified version May 22, 2001
-
Latest Daily Certified version January 25, 2008 revision 050
-
Initial Weekly Certified release date May 22, 2001
Click for a more detailed description of Rapid Release and Daily Certified virus definitions.
Threat Assessment
Wild
-
Wild Level: Medium
-
Number of Infections: More than 1000
-
Number of Sites: More than 10
-
Geographical Distribution: Medium
-
Threat Containment: Easy
-
Removal: Easy
Damage
Distribution
Writeup By: Peter Szor
