I-Worm.Aliz, W32/Aliz@MM, W95/Aliz.A,W32.Aliz.Worm
Sent by email.
The email subject is made out of words from the following five groups:
group 1: Fw: Fw: Re:
group 2: Cool Nice Hot some Funny weird funky great Interesting many
group 3: website site pics urls pictures stuff mp3s shit music info
group 4: to check for you i found to see here - check it
group 5: !! ! :-) ?! hehe ;-)
For example "Fw: Cool pictures - check it!"
When received, the worm uses MIME, so that it is activated when the email is read or previewed.
W32/Aliz is an SMTP mass mailer worm, written in assembly and packed. The worm copies itself only on Win9X operating systems. It can not make copies on NT platforms. It takes from Windows Address Book the addresses it sends emails to.
When the email is received, the worm uses MIME to be activated when the email is read or opened. You can find information about this procedure at:
The worm has its own SMTP engine to send emails to an SMTP server. It finds the SMTP server address in the victim's "Internet Manager Account" registry key. The worm obtains the email address from WAB (Windows Address Book), using the following registry entry:
HKEY_CURRENT_USER\Software\Microsoft\WAB\WAB4\Wab File Name
说明添加者： Crony Walker 打开 2004年6月15日星期二