Nimda Simplified
De-mystifying a complicated worm

By , About.com Guide

This article attempts to explain the Nimda worm as simply as possible and clear up a few misconceptions. For those less faint of heart, I recommend reading the full disclosure of the worm which includes everything from how it infects to how to manually remove it.

For the rest of us, here's a more palatable version:

Nimda is a multi-vector virus. It can infect via email, by visiting an infected website, by seeking out vulnerable servers on the Internet and uploading its files to them, or via a network. What makes Nimda unique is that it is the first worm that actually infects other files. Typically, a worm just makes carbon copies of itself, all over the hard drive or, in modern times, through email to others. Nimda, however, sticks its code into executable (.EXE) files found on the local drives. This translates into one very wily worm that can lurk most anywhere and infect most anyone (provided they are running Microsoft Windows (95/98/NT/2000/ME) on their PCs or Microsoft IIS server software on their websites).

Nimda's penchant for seeking out vulnerable servers creates a virtual traffic jam on the Internet. The web servers are so busy deflecting (or accepting) Nimda's probes, that others on the Internet notice a slowdown. In some cases, the server itself comes to a halt. This activity is known as a Denial of Service (DoS) attack. Everyone who's infected with Nimda participates in this increased traffic, with their compromised systems busily seeking other systems to compromise. And that's just the beginning.

Nimda also emails itself out to others, arriving in an email with an attachment named "README.EXE". Don't open the attachment, you think? For users of Microsoft Outlook and Outlook Express who also happen to be using Internet Explorer version 5.01 or 5.5 (click Help | About in Internet Explorer to discover your version), Nimda infects when you simply read the email. Actually, in the case of Outlook Express, it infects when you merely preview the email in the Preview Pane. While this was resolved some time ago in Microsoft Security Bulletin MS01-020, many users still have not installed this necessary patch. If you aren't sure how to interpret your version number to see whether you need the patch, Microsoft has a page to help you determine the exact version.

Users of other mail clients aren't immune either. The difference is that the user will have to actually open the attachment themselves. Unfortunately, history has shown that a large percentage of people, when presented with an email attachment, simply cannot resist opening it. No matter how the file is opened - by your mail client or by you - once it is opened you will become infected. And, of course, your system will then email the worm to others and you will become a participant in the above-mentioned Denial of Service attack.
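Because the attachment can run whether the mail client or the user opens it, the dependable place to stop it is before delivery. The following is an added example, not code from the original article: a mail-filter check that flags executable attachments such as README.EXE. The function name, the extension list beyond ".exe", and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string

# Extensions Windows runs directly; ".exe" covers the article's README.EXE.
# The rest of this list is an assumption of the example.
EXECUTABLE_EXTS = (".exe", ".com", ".scr", ".pif", ".bat", ".cmd")

def risky_attachments(raw_message):
    """Return one finding per MIME part that carries an executable filename."""
    findings = []
    for part in message_from_string(raw_message).walk():
        name = part.get_filename()  # Content-Disposition filename, else Content-Type name
        if not name or not name.lower().endswith(EXECUTABLE_EXTS):
            continue
        ctype = part.get_content_type()
        findings.append({
            "filename": name,
            "declared_type": ctype,
            # Parts not marked "attachment" may be handled by the client on read/preview.
            "not_marked_attachment": part.get_content_disposition() != "attachment",
            # An executable name under a non-application type is a labelling mismatch.
            "type_mismatch": not ctype.startswith("application/"),
        })
    return findings

# Constructed sample message (not a captured Nimda email).
SAMPLE = """\
From: sender@example.com
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

hello
--b1
Content-Type: application/octet-stream; name="README.EXE"
Content-Disposition: attachment; filename="README.EXE"

constructed placeholder body
--b1
Content-Type: text/plain; name="update.pif"

constructed placeholder body
--b1--
"""

if __name__ == "__main__":
    for finding in risky_attachments(SAMPLE):
        print("QUARANTINE", finding)
```

The check keys on the filename rather than the declared content type, so a part that is labelled as something harmless but named like a program is still caught.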

When a web server becomes infected, not only are files compromised by the virus, the whole server is. Basically, the worm assigns administrative rights to what's known as a "Guest" user - and no password is supplied. It also shares the drives with the rest of the world, leaving the system open for all to view. It does this on a PC as well, making confidentiality breaches and compromised security an unpleasant side effect of this worm. Of course, the newly infected server also joins in with all the other infected PCs and servers on a seek-and-infect mission. Needless to say, within a very short time that's a lot of background noise in an already constricted pipeline.

Now remember, this is all the basics in very basic language. For the real nuts and bolts of this threat, you'll need to read the article, Email Worm Launches Attack. You'll see from reading that (and perhaps this) just how complicated Nimda is. And that has led to some very common misconceptions.


©2009 About.com, a part of The New York Times Company.

All rights reserved.