The payload attempts to find server back doors left by Code Red and also tries to send copies of itself to all addresses in the Windows address book of the infected machine. The subject line of the e-mail varies, but the length of the file attached is (so far) a constant 57,344 bytes.
#HOW DOES A WORM VIRUS WORK SOFTWARE#
It executes thanks to a vulnerability (CERT CA-2001-06) that causes any e-mail software running IE 5.5 or earlier to run the payload automatically because of the false MIME type identification. The second part is marked as MIME audio/x-wav but is a binary executable named Readme.exe. One part purports to be a text file but doesn’t contain any text. Nimda appears to spread mainly through a two-part MIME-encoded e-mail attachment.
![how does a worm virus work how does a worm virus work](https://altitudeintegrations.com/wp-content/uploads/2011/06/cyber-security-1923446_960_720.png)
![how does a worm virus work how does a worm virus work](https://antivirusjar.com/wp-content/uploads/2019/09/HOW-COMPUTER-VIRUSES-SPREAD-e1569427276834.jpg)
At first, there was some confusion as to whether this was a hoax or possibly a variant of the Code Red worm. A fast-spreading worm that attacks both Windows IIS servers and Internet Explorer began wreaking havoc on the Internet on Tuesday morning, Sept.