Japan has been hardest hit by the worm's outburst, which fortunately doesn't have a damaging payload, according to David Banes, regional manager of Symantec Security Response for Asia Pacific (SARC).
Symantec says it has had over a hundred new reports of the Aliz worm, which was first detected in May this year, in Japan.
-Occasionally a worm gets lucky again," Banes said. -Maybe it hit someone with a large address book in Japan and got a large distribution from there."
A mass-mailing worm, W32.Aliz spreads as an infected file attached to an e-mail with a varying subject line. The body of the email is blank with HTML formatting and the worm uses a MIME exploit, therefore the recipient doesn't even need to open the attachment, which is called whatever.exe, as the malicious code is immediately activated upon reading or previewing the infected e-mail.
The worm propagates by sending infected messages to all addresses found in the Windows Address Book
Information and a patch for this exploit can be found a at www.microsoft.com/technet/security/bulletin/MS01-020.asp
