I second that. Nimda was the worst virus I've ever personally dealt with. At the time, I was a network admin in my university, and by the time I showed up to work that morning, our primary domain controller was full of millions of readme.txt.js files, half of the grad students workstations were infected, and a mob of angry students and professors were pounding at our door wondering where's the network.
Turns out, Nimda found its way into our network through a grad student's rogue unpatched IIS server. Once inside the network, it found every SMB share on the network and exploited a Windows flaw to get into each of those systems. It was impressive and scary to see quickly it wreaked its havoc, and how many different weaknesses it exploited to spread itself. It took us a couple of days to get everything back to normal, after being saved by tape backups.