> I've just noticed a ton of activity in my apache log files. Anyone else > getting hit? Looks like another IIS or win32 exploit: > > 208.191.208.88 - - [18/Sep/2001:20:52:04 -0500] "GET > /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 278 Yup. Supposedly, its taking advantage of some stuff left over from the Code Red worm.