19.09.01 PDG update with anti-nimda issued

Called Nimda, the worm can spread in a multitude of ways. It can spread as an email attachment in the form of an executable file called readme.exe. The worm is activated by opening the attachment, or automatically by using an exploit in Microsoft Outlook discovered last March. Once activated, the Nimda worm sends itself out to all the contacts in the infected user's e-mail address book.

But it can also seek out and infect web sites running Microsoft's Internet Information Server (IIS), as did the Code Red worm, which infected thousands of systems this past summer and caused an estimated $2 billion worth of damage. Like Code Red, the worm jumps from web server to web server, but it also comes with new tricks. While Code Red defaced targeted web sites, Nimda infects users when they download files from an infected web site, exposing computer files on the PC's hard drive. It will open the hard drive to the world as a shared file, letting others read, write and delete files, said Hypponen.

Infected PCs that are behind a corporate firewall would be protected from external users getting access to files, but those files would be exposed to other people in the company. Plus, users with infected systems may also infect web sites. "Not only do you have web sites infecting other web sites, as was the case with Code Red, but end users also can potentially infect web sites."

Fortunately, IIS users can stop the worm with the same security patch Microsoft issued to plug the flaw in IIS that Code Red exploited. The worm appears to have originated in China, or else someone is trying to make it appear as though it is coming from that region, he added.

PC DoorGuard detects and cures "Nimda" and its clones. Usage is pretty straightforward: run it and delete any infected files it finds.

PC DoorGuard 3.0 (3.3Mb)

| Download locations | EXE file |
| --- | --- |
| USA (astonsoft.com) | Download |
| USA 2 | Download |