> > Just a worm looking for copies of IIS and hoping to exploit a buffer
> > overflow.  The requests start off with "GET /default.ida?NNNN..." and
> > are too large to be anything but a buffer overflow attempt.
> > 
> > The only article I've been able to find about the worm is at
> > http://www.newsbytes.com/news/01/168003.html?&_ref=923747745
> 
> http://www.securityfocus.com/templates/headline.html?id=12004

http://www.msnbc.com/news/602036.asp?cp1=1

Andy
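
The quoted description (oversized `GET /default.ida?NNNN...` requests) can be turned into an access-log check. The following is an added example, not part of the original messages; the Common Log Format input, the 200-character threshold, the function name `flag_ida_probes` and the sample lines are all assumptions made for illustration.

```python
import re
from collections import Counter

# Common Log Format: host ident user [time] "METHOD target PROTO" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')

# Assumption: a query string longer than this on the .ida request counts as "too large".
MAX_QUERY_LEN = 200

def flag_ida_probes(lines, max_query_len=MAX_QUERY_LEN):
    """Return (hits, per_source) for oversized GET /default.ida?... requests."""
    hits, per_source = [], Counter()
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not a parseable access-log line
        host, method, target, status = m.groups()
        path, _, query = target.partition("?")
        if method != "GET" or path.lower() != "/default.ida":
            continue
        if len(query) <= max_query_len:
            continue  # short query: not the oversized request described above
        # Length of the leading run of one repeated character (the "NNNN..." filler).
        filler = len(query) - len(query.lstrip(query[0]))
        hits.append({"host": host, "status": int(status),
                     "query_len": len(query), "filler_len": filler})
        per_source[host] += 1
    return hits, per_source

# Constructed sample log lines (addresses are from documentation ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2001:10:00:00 +0000] "GET /index.html HTTP/1.0" 200 1043',
    '198.51.100.7 - - [01/Jan/2001:10:00:04 +0000] "GET /default.ida?'
    + "N" * 240 + '=x HTTP/1.0" 404 205',
    '198.51.100.7 - - [01/Jan/2001:10:01:30 +0000] "GET /default.ida?'
    + "N" * 240 + '=x HTTP/1.0" 404 205',
    '203.0.113.5 - - [01/Jan/2001:10:02:00 +0000] "GET /default.ida?id=1 HTTP/1.0" 404 205',
]

if __name__ == "__main__":
    hits, per_source = flag_ida_probes(SAMPLE_LOG)
    for host, count in per_source.most_common():
        print(f"{host}: {count} oversized /default.ida request(s)")
```

Grouping by source address separates a host that is repeatedly scanning from a one-off short request to the same path.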