Nimda.e is a recompiled version of the original worm, Nimda.a. It functions in the same way as the original, but some of its files are renamed. What is entirely new to this version, however, is that the worm's author has included a message to the world, said Fred Fondreist, director of business development at antivirus company F-Secure.
In the worm's code the author has included something that reads like a copyright notice. He or she has also expressed frustration that the worm is being called Nimda, rather than "CV" or "Concept Virus", Fondreist said. There is an older, separate virus with the name Concept.
The worm is spreading quickly, and users are urged to patch their systems and update their antivirus programs, Fondreist said. F-Secure raised the threat level of the variant to the highest level, because of how far the worm has spread, he added.
However, other antivirus companies have yet to raise Nimda.e above a medium-level threat. Some have even ranked the worm lower.
Antivirus company Trend Micro has yet to see a significant spread outside of Asia, said spokesman David Perry.
If Nimda.e makes it into general circulation "it will not have the same punch as Nimda.a", said Perry. This is thanks to the high number of users who have applied patches, he added.
Nimda first caused problems for Internet users in September. The worm spreads itself as an e-mail attachment, through server-to-server Web traffic and hard drives on networks, and by automatically downloading infected files to users who browse Web pages hosted on infected servers.
Nimda exploits flaws in Microsoft's Internet Explorer Web browser and in the company's Internet Information Server Web server platform. Patches for both applications are available.
All the appropriate patches and upgrades offered by Microsoft can be found at http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/topics/Nimda.asp