There are 3 main ways nimda spreads. Attachments (Not an automatic infection, unless you use an older version of Outlook), ISS (Automatic infection if it is able to come in via this channel, but if you have a recent version/no version at all, then it cant get in this way), and via a network (MAY be an autmatic infection, it does some realy funky things).
One guy was distributing nimda all thorughout the campus network. After tracking him down several times and attempting to get him to fix it (only being told to f*** off), I "fixed" it for him. You see, nimda shares your HD under the guise of "c$". It was a simple matter to add a deltree *.* /y to his autoexec.bat, and crash his computer so he had to reboot.
Armani
Facebook
Twitter