The first is the one that has become most common in recent times -- mass mailing. An e-mail message will show up in a mailbox; usually with a garbled subject line and no text. There will be an attachment which looks like a .WAV file, but in fact links to an executable called "readme.exe". Nimda will attempt to exploit the usual Outlook vulnerabilities. These entail instances where the default options allow the software to launch attached files without user interaction. (Always a bad idea.) Thus, even previewing the message can trigger the worm.
|Other Recent Datamation Security Stories|
|Preventing SirCam From Worming Through Your Server 8 Keys To A Sane Security Strategy -- Steve Andriole Death. Taxes. Virus Protection? Companies Confront Rising Network Threats|
Assuming you have been updating Outlook with the security patches and checking the settings, this should not be a problem so long as your users have been advised about all kinds of attachments and are conscientious.
As with Melissa, the worm, once run, can send messages to every sender currently in your In Box and/or address book, as well as reply to the sender of the virused message itself.
window.open("readme.eml", null, "resizable=no,top=6000,left=6000")
The third delivery method is Web-based. Like the Code Red Worm of a few months ago, Nimda sends its code over Port 80 as a HTTP request, attempts to copy itself to unpatched Microsoft IIS web servers, which in turn will allow the worm to run on those machines.
The consequences of being struck by Nimda are nasty and annoying, but not particularly destructive. Outside of the obvious fact that your security has been compromised, the greatest annoyances will be the potential flooding of your e-mail gateways and the DoS. Once the virus has been eradicated, these will go away. If your intranet or Internet pages use standard page formats, they may be compromised with the code mentioned above.