Skip to main content

Aliz: The Second Attempt Finds Fertile Ground

November 21, 2001

Aliz, the Internet worm detected in May, has brought forth an epidemic Kaspersky Labs, an international data-security software developer, warns users about the active spreading of the Internet worm, "Aliz." Reports of infection by this worm already have been reported in many countries throughout the...

Aliz, the Internet worm detected in May, has brought forth an epidemic

Kaspersky Lab, an international data-security software developer, warns users about the active spreading of the Internet worm, "Aliz." Reports of infection by this worm already have been reported in many countries throughout the world.

The worm's malicious code is spread via the Internet as an infected file attached to e-mail. The worm is a Windows attachment about 4K in length. An infected message contains:

Subject: varying
Body: empty HTML message
Attach: whatever.exe

The worm launches itself by taking advantage of a security flaw in the IFRAME e-mail client in the same way as the "Nimda" Internet worm. At the same time, the infected enclosure is automatically activated upon reading or viewing a message.

When an infected file is run, the unpacking routine takes control, unpacks the main worm code into the memory and jumps to it. The main code then sends infected messages to e-mail addresses found in WAB (Windows Address Book). To send e-mails, the worm connects by default to the SMTP server. The worm does not install itself to the system, and is not activated anymore, except in cases when a user clicks on an attached e-mail again. Namely, the worm is "one-time-only," and does not reveal its presence in the system. The worm's e-mail-spreading routine has several mistakes and flaws; therefore, it is incapable of spreading on the majority of e-mail client-server configurations.

"It is amazing that this virus could cause such a serious epidemic a full 6 months after having been detected. The reason for this is simple: users, as before, continue not to pay attention to the most basic computer-safety principles, falling in the same trap time and again. It is obvious that the many virus epidemics to date have not taught a basic lesson: a user should be extra careful with e-mail and install the proper patches thwarting security flaws in programs being used in a timely fashion," commented Eugene Kaspersky, Head of Anti-Virus research at Kaspersky Lab.

"Aliz" was detected and added to the Kaspersky Anti-Virus database on May 25, 2001. It is not necessary to update the anti-virus database in order to detect the latest "Aliz" version.

Aliz: The Second Attempt Finds Fertile Ground

Aliz, the Internet worm detected in May, has brought forth an epidemic Kaspersky Labs, an international data-security software developer, warns users about the active spreading of the Internet worm, "Aliz." Reports of infection by this worm already have been reported in many countries throughout the...
Kaspersky logo

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection, specialized security products and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help over 200,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.

Related Articles Press Releases