Found this (while in a break watching Enterprise) on Microsoft's site.
Summary: A new worm, officially called W32/Nimda@MM, is circulating on the Internet and affecting large numbers of customers using Windows operating systems. Microsoft is working with the anti-virus community and other security experts to thoroughly investigate the worm. If you haven't already installed the appropriate updates and/or patches, your computer can become infected.
The official name of the worm is W32/Nimda@MM, but it is generally referred to as the "Nimda" worm. It attempts to spread via three different means:
- Email: Infected machines attempt to spread the infection to other users by sending copies of the worm via email.
- Web servers: Infected machines attempt to pass the infection to web servers by either locating an already compromised server, or by exploiting a known security vulnerability in Internet Information Server. Once infected, a web server will attempt to infect the machines of any users that visit it.
- File shares: Infected machines will search for systems that have been configured to allow anyone to add files to them and, upon finding such a machine, will insert infected files onto it.
View: Information on the "Nimda" Worm
Also, from Wininformant, found this... The aggressive Nimda virus/worm has caused widespread site shutdowns and Internet service interruption, but according to security experts, the real cost of this hacker attack--which uses four different known vulnerabilities in Microsoft's IIS Web server--will come during the eradication phase.
To aid in this effort, Winternals Software is offering a utility that will help eliminate the Nimda virus/worm on Windows 2000/NT systems without requiring the system to be wiped out first. The company's NTFSDOS Professional works with leading virus scanners to clean and repair systems attacked by Nimda.
News source: Winternals info on Nimba
