GEN:SID 1:1290
Message WEB-CLIENT readme.eml autoload attempt
Summary An internet page from an external webserver contained code to load and run readme.eml, which is used as an Infection Vector for the nimda worm.
Impact The Source Address is likely infected with the Nimda worm. The destination, without adequate AntiVirus protection and the proper patches, may now be infected and may attempt to infect other hosts using this or any of the other infection vectors that the Nimda worm uses.
Detailed Information More information, including links to other third parties, can be found at CERT http://www.cert.org/advisories/CA-2001-26.html
Affected Systems  
Attack Scenarios  
Ease of Attack Nimda is a worm, so the attack is automated. Exposure of unprotected systems to the internet has been know to result in an infection within 15minutes.
Corrective Action Ensure all servers within your domain are protected to the appropriate patch-levels to mitigate infection and spread of the Nimda worm. Ensure network clients in your domain are also appropriately patched and are running up to date AntiVirus software. The Nimda worm specifically only affects Microsoft Operating Systems.
Additional References  
Rule References url: www.cert.org/advisories/CA-2001-26.html