It spreads through three different means; as an email attachment, a web defacement download, and by directly targeting machines by exploiting known IIS vulnerabilities such as the ones exploited by Code Red and Code Blue. There has been one report thus far of an Apache Server crashing due to Nimda terminating httpd processes. No further corroboration has been made that this worm may have in the inadvertent affect of creating a denial of service condition on Apache Servers.
Multiple sources have confirmed that this worm consumes a large amount of bandwidth and impairs performance on web servers as a result. It should be noted that this worm began to proliferate almost exactly a week since the terrorist activities began to take place in the United States.