WORM_ALIZ.A - Description and solution

TrendLabs Malware Blog

Glossary

TrendWatch

TrendLabs Twitter

WORM_ALIZ.A

Overview

Solution

Technical Details

Malware type: Worm

Aliases: Email-Worm.Win32.Aliz (Kaspersky), W32/Aliz@MM (McAfee), W32.Aliz.Worm (Symantec), W32/Aliz (Avira), W32/Aliz-A (Sophos), Worm:Win32/Aliz.A@mm (Microsoft)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows

Encrypted: No

Overall risk rating:

Description:

This non-destructive, mass-mailing worm propagates copies of itself via email. It arrives embedded or attached on HTML-based email as an executable file, WHATEVER.EXE.

The email this malware sends out exploits a known vulnerability in Internet Explorer-based email clients, specifically Microsoft Outlook and Outlook Express. This vulnerability executes the malware attachment without the recipient opening the email.

The details of the email that this worm sends out are as follows:

Subject: (Randomly selected from the words below)
FW:
Fw: Re:
Cool
Nice
Hot
some
Funny
weird
funky
great
Interesting
many
website
site
pics
urls
pictures
stuffs
mp3
shit
music
info
to check
you
I found
tosee here � check it�!!
!
:-)
?!
heh;-)
Message Body: peace
Attachment: WHATEVER.EXE

For additional information about this threat, see:
Solution
Technical Details

Description created: Nov. 20, 2001 10:00:00 AM GMT -0800
Description updated: Nov. 24, 2001 3:45:00 PM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.