Update: Win32.Aliz.worm

There has been a little excitement over Win32/Aliz this week. Small butconsistent numbers were being reported earlier in the week, but thesenumbers have picked up in the last couple of days. Aliz is a smallexecutable mass mailer that obtains victim addresses from the WindowsAddress Book. It then sends copies of itself as an attachment to e-mailmessages it sends via an SMTP mail server configured in the InternetAccount Manager.

The messages have Subject: lines composed by combining randomly chosenwords and phrases from several lists inside the virus but the attachmentis always named 'whatever.exe'. Aliz was discovered several months agoand most virus scanners have been able to detect it since late-July, soit is unusual that it has suddenly taken off as it has.

Information and a patch for this exploit can be found at http://www.microsoft.com/technet/security/bulletin/MS01-020.asp
http://securityresponse.symantec.com/avcenter/venc/data/w32.aliz.worm.html
http://www3.ca.com/Virus/Virus.asp?ID=10405
http://www.f-secure.com/v-descs/aliz.shtml
http://vil.nai.com/vil/virusSummary.asp?virus_k=99260
http://www.sophos.com/virusinfo/analyses/w32aliza.html
http://www.sarc.com/avcenter/venc/data/w32.aliz.worm.html