> > Just a worm looking for copies of IIS and hoping to exploit a buffer > > overflow. The requests start off with "GET /default.ida?NNNN..." and > > are too large to be anything but a buffer overflow attempt. > > > > The only article I've been able to find about the worm is at > > http://www.newsbytes.com/news/01/168003.html?&_ref=923747745 > > http://www.securityfocus.com/templates/headline.html?id=12004 http://www.msnbc.com/news/602036.asp?cp1=1 Andy