The "Nimda" worm, which appears as an email with the attachment "readme.exe", spreads to both servers and PCs running Microsoft software and propagates itself by email, mailing itself to everyone in your address book. It also spreads through network shares - infecting file and print servers via anyone who has -write" access to them.
-She's a nasty little one," Trend Micro's Ian Bigwood told ZDNet Australia. -Some people are going to get infected [in Australia] for sure."
According to Bigwood, as most people these days are blocking executables, the spread of the worm should be controlled, However, for a worm that's not much more than five hours old, -It's still very early days," he said.
Nimda utilises Microsoft's Internet Information Server (IIS) directory, the same one utilised by the recent Code Red worm and launches an attack on other people's Web servers from your computer. -Those folks who haven't leveraged off the Microsoft security patch really need to do so," Bigwood said. -Hopefully a lot of people learnt from Code Red, especially on the Web server side."
Servers that are attacked will have Web pages modified so that additional JavaScript runs when you browse them. This script downloads a specially-encoded version of the virus onto your PC. According to anti-virus vendor Sophos, some versions of Microsoft Internet Explorer have a vulnerability which allows this file to run automatically -- as if you had received it in an email and launched it yourself.
For information on Microsoft security patches: www.microsoft.com/technet/itsolutions/security/current.asp
What a load...
This article says the worm isn't here at all
I admin a network and have been receiving scans since last night at about 11pm EST (sydney)
I'll admit I have seen no infections but the fact that it isn't here is a load... the way this worm spreads doesn't limit it an IP range or a geographical area.
I suggect the editor of this site takes a little more care before publishing stories such as this
my $0.02