Bird, as far as I can see, it does not apply to WIN98/ME users. It is for the mail/network servers, etc on WIN NT/2000.
UPDATE:
New Nimda worm info..... taken from three different webpages...
Sharon Ruckman, senior director of security response at Symantec Corp., said the virus is attacking in three different ways. It can arrive at a user’s PC via an e-mail with an attachment called “readme.exe.” If a user opens that attachment, Nimda then sends copies of itself to people in the victim’s address book, similar to Melissa or the LoveBug.
But the worm also starts scanning the Internet at that point, looking for vulnerable Web servers running Microsoft software, similar to Code Red.
And, if it worms its way onto a Web server, Nimda deploys a new attack strategy. It drops a file onto the Web site containing the malicious program. It then tries to automatically upload the infected file onto the machines of any visitors to the Web site.
By midday Tuesday, there were scattered reports of infected Web sites unknowingly uploading the virus to victims.
--------------------------------------------------------------------------------
RANDOM SUBJECT LINES
So far, most e-mails containing the worm include an attachment called “readme.exe.” But McGee said other attachment names have also been reported, suggesting the name is actually random. The subject line of the infected message and the body text in the message are also random — meaning Nimda-carrying e-mails arrive with no real distinguishing characteristics. That makes warning users extremely difficult.
And there are reports that this worm uses a new type of infection mechanism that attacks recipients even if they don’t open an attachment. UK-based GFI said in a research note that Nimda can infect users who view their e-mail through a reader that displays HTML, like Microsoft’s Outlook Express.
Antivirus research firm MessageLabs Inc. reported it had already trapped nearly 500 copies of the e-mail virus within hours after its discovery — a rapid rate of uptick compared to most viruses, but not to the epidemic levels of Melissa or the LoveBug
--------------------------------------------------------------------------------
Aliases:
NIMDA.A, W32/Nimda.A@mm
Description:
This is preliminary information. This description will be updated as more information becomes available.
This Trojan spreads via email with an attachment readme.exe. It drops the file mepXXXX.tmp in the C:\Windows\Temp directory, which is an eml format mail. This temp file contains the file attachment sent by the worm.
The typical name of the file attachment is readme.exe but there have been reports of file attachments with the extensions .wav and .com. Wininit.ini contains an entry that sets one of the mepXXXX.tmp files to a null value.
Trend Micro recommends that customers block all executable files at this time.
<P ID="edit"><FONT SIZE=-1>Edited by scruffy on 09/18/01 04:22 PM (server time).</FONT></P>