Win32:Aliz

is one of the smallest Internet worms ever - it is about 4096 bytes long. Worm spreads via email, the message subject is chosen randomly (see later). Worm uses the same trick as Nimda or Klez, therefore it could be activated by viewing the message if you use Outlook and IE 5.01 or 5.5 without Service Pack 2. Worm does not infect any part of the system, when activated it only sends itself to all recepients from the Windows Address Book via implicit SMTP server. The name of the attached file is  WHATEVER.EXE.

The five different parts of the message subject is randomly composed from the following possibilities:
{Fw: | Fw: Re:} {Cool | Nice | Hot | some | Funny | weird | funky | great | Interesting | many} {website | site | pics | urls | pictures | stuff | mp3s | shit | music | info} {to check | for you | i found | to see | here | - check it} {!! | ! | :-) | ?!| hehe ;-)}

For example: "Fw: Nice website to check :-)":

Removal:

• if you find the file WHATEVER.EXE on your computer, delete it
• apply all security patches and service packs for Windows, Outlook and IE

Any avast! with VPS file dated on or after 25th June 2001 is able to detect this virus.