Nimda Virus Hits A Computer Near You.

This is a HIGH RISK virus that can infect all unprotected home users and business users of Win9x/NT/2000/ME.

W32/Nimda@MM spreads via email, via shared drives, folders or files, and via infected HTM/HTML (Web) pages. In addition, it will look for IIS servers to infect via the Microsoft Web Folder Traversal vulnerability (also used by W32/CodeBlue).

It is possible to activate the virus by viewing an infected email message within the Microsoft Outlook Preview Pane.

The email attachment name varies and may use the icon for an Internet Explorer HTML document.

Its main goal is simply to spread over the Internet and Intranet, infecting as many users as possible and creating so much traffic that networks are virtually unusable. It may also take up a large amount of space on your hard drive.

It will attempt to spread itself as follows:
The email messages created by the worm contain an attachment that can be executed even if the user does not open it and without the user’s knowledge.

It infects HTML documents. When the infected documents are accessed (locally or remotely), the machine viewing the page is infected.

When the virus finds an open share, it copies itself to each folder on the drive in .EML format. This can include the START UP folder.

The worm scans IP addresses looking for IIS servers to infect via the Web Folder Traversal vulnerability.

It tries to use the backdoor created by W32/CodeRed.c to infect.

It adds worm code to .EXE files.

Email addresses are gathered from MAPI messages in Microsoft Outlook and Microsoft Outlook Express, as well as from HTM and HTML documents.

Once infected, your system is used to seek out others to infect over the web. As this creates a lot of port scanning, this can cause a network traffic jam.
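
The open-share behaviour described above (a copy in .EML format in each folder, possibly including the Startup folder) leaves a pattern an administrator can check a share for. The Python below is an added example, not part of the original advisory; the three-folder threshold, the function names and the sample tree are assumptions made for illustration.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

# Assumed threshold: identical .eml content in this many folders is suspicious.
MIN_FOLDERS = 3


def find_replicated_eml(root, min_folders=MIN_FOLDERS):
    """Report .eml content that appears in min_folders or more folders under root."""
    folders_by_hash = defaultdict(set)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".eml"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
            except OSError:
                continue  # unreadable or locked file: skip, keep scanning
            # Store paths relative to the share so the share's own name is ignored.
            folders_by_hash[digest].add(os.path.relpath(dirpath, root))
    findings = []
    for digest, folders in folders_by_hash.items():
        if len(folders) >= min_folders:
            findings.append({
                "sha256": digest,
                "folders": sorted(folders),
                "in_startup": any("startup" in f.lower().replace(" ", "") for f in folders),
            })
    return findings


def build_sample_share(root):
    """Constructed sample tree: one identical .eml in four folders, one benign file."""
    for sub in ("docs", "docs/reports", "Start Menu/Programs/Startup", "photos"):
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        with open(os.path.join(root, sub, "sample.eml"), "wb") as fh:
            fh.write(b"constructed sample message body")
    with open(os.path.join(root, "docs", "invoice.eml"), "wb") as fh:
        fh.write(b"unrelated saved mail")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as share:
        build_sample_share(share)
        for finding in find_replicated_eml(share):
            print(finding)
```

A finding with `in_startup` set deserves attention first, since a copy in the Startup folder is the case the advisory calls out.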

For more information, see http://www.mcafee.com
