Nimda Snort Rules
Everyone and their brother has put out an advisory on NIMDA, the latest worm to thrash IExplore, Outlook Express, and IIS. This worm does a number of cute things that are well documented in the SANS advisory available here. Snort 1.8.1 included signatures to detect most of the attacks used by NIMDA already, but just incase you need a refresher the signatures are included.