People running Web servers all over the place have a nice record of other folk running entirely dopey servers using IIS, Microsoft's fine piece of web-serving software.
Alas for the stupid folk who get hacked in this fashion as their server then makes itself known to the world by making lots of HTTP requests of random machines in order to try and compromise them.
For those of us not running Microsoft's fine wares, this leaves us with a list of machines steeped in fuckwittage.
I could just post a list of the machines which have atempted this on this server. However, much more fun to collate the information from a bunch of sites. So for now, here's our local list, and the collaborative/community bit will be on the way in a tick.
For a more sombre description about just what CodeRed is about, look at the CERT advisory (and this note for CodeRed II. The funniest response I have seen so far was listed in last week's NTKnow - www.dasbistro.com respond to a CodeRed attempt by using telling the exploited server to stop running IIS and then shutdown! (Minor irk as to whether the shutdown reaches the shutdown server, but hey).
So, how does this constitute Microsoft fuckwittage? Well they built and shipped a product with a pretty dopey hole in. Dopier still is the person who chooses to bet their business / service / reputation / data / privacy to something built by folk who have both a track record for releasing software with umpteen security holes and are simultaneously a great big zonking target to many by their perceived egregious behaviour. Reasonably accessible code which has spent a long time being looked at by a lot of smart people who know what they are doing and will talk about it would be a better choice.