Known as “Nimda” or “readme.exe,” a new worm spreads by sending infected e-mail messages, copying itself to computers on the same network, and compromising Web servers using Microsoft’s Internet Information Server (IIS) software. Infected Web pages may also download the worm to Web surfers’ PCs when they view the page.
Nimda started spreading early Tuesday morning and quickly infected PCs and servers across the Internet. It infects PCs running Windows 95, Windows 98, Windows Me and Windows 2000 and servers running Windows 2000.

The worm spreads by e-mailing itself as an attachment, scanning for–and then infecting–vulnerable Web servers running Microsoft’s Internet Information Server software, copying itself to shared disk drives on networks, and appending Javascript code to Web pages that will download the worm to Web surfers’ PCs when they view the page.

In the United States, about 130,000 Web servers and personal computers appeared to be infected with it as of Tuesday afternoon.

Editorial comment: Users and system administrators should update ther antivirus software and Internet Explorer browser, if appropriate (see
CERT Advisory).