> Anyone seen this before? [snip] This is the IIS worm 'Code Red'. See Buqtraq archives at the following URI for a fill analysis: http://www.securityfocus.com/templates/archive.pike?fromthread=0&list=1&star t=2001-07-15&threads=0&mid=197828&end=2001-07-21& I've seen about 20 or so requests for this tonight on our backwater unpublished webserver. It's spreading pretty fast. TTFN, Ronny