Security Incidents mailing list archives

new codered worm?


From: "^^ sang sang" <gauri2007 () hotmail com>
Date: Thu, 30 Aug 2001 02:12:43 +0000

I got the Code Red worm, which seems like a new mutation. I am not sure whether it is a new one, so please explain it if you have any idea.

I found logs like those below.

1. Traced the IP address.
2. Checked for root.exe, which was used as a back door in the previous Code Red worm.
3. /x.ida VVVVVVVVVVVVV as a new attack pattern.
4. This server is one that was infected in the previous Code Red attack, and it had already been shut down. Accordingly, the attack failed (normally, IIS may stop when the .ida buffer overflow fails). Also, it has a log of the print buffer overflow, and it seems to be included in an automated script. This is the log:

2001-08-27 01:41:39 210.92.26.120 - X.X.X.X GET /scripts/root.exe /c+dir+c:\ 404 -
2001-08-27 01:41:39 210.92.26.120 - X.X.X.X 80 GET /c/winnt/system32/cmd.exe /c+dir+c:\ 404 -
2001-08-27 01:41:39 210.92.26.120 - X.X.X.X 80 GET /d/winnt/system32/cmd.exe /c+dir+c:\ 404 -
2001-08-27 01:41:39 210.92.26.120 - X.X.X.X 80 GET /msadc/root.exe /c+dir+c:\ 404 -
2001-08-27 01:41:39 210.92.26.120 - X.X.X.X 80 GET /c/inetpub/scripts/root.exe /c+dir+c:\ 404 -
2001-08-27 01:41:39 210.92.26.120 - X.X.X.X 80 GET /d/inetpub/scripts/cmd.exe /c+dir+c:\ 404 -
2001-08-27 01:41:39 210.92.26.120 - X.X.X.X 80 GET /x.ida VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV=X 200 -


_________________________________________________________________
With MSN Explorer, using Hotmail becomes much more convenient. Download it free now at http://explorer.msn.co.kr/.
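The log above mixes two things worth separating when you triage an IIS server: probes for the root.exe/cmd.exe back door that Code Red II left behind (the 404s show the back door is absent on this host), and a .ida request with a long run of one character (the 200 shows the .ida ISAPI mapping is still answering). The script below is an added example, not part of the original post or of any SecurityFocus tool: it parses W3C extended log lines, classifies each request into one of those two categories, counts them per source IP, and flags any back-door probe that got a 200, which would mean the server itself is carrying the back door. The sample lines are constructed to match the post's format, with made-up IPs; the default field order is an assumption used only when the log has no #Fields header.

```python
"""Triage Code Red follow-on probes in IIS W3C extended logs (added example)."""
import re
from collections import Counter, defaultdict

# Assumed default IIS 5 W3C field order, used only if the log carries no #Fields line.
DEFAULT_FIELDS = ("date time c-ip cs-username s-ip s-port cs-method "
                  "cs-uri-stem cs-uri-query sc-status cs(User-Agent)").split()

# Constructed sample log (same layout as the post; IPs are documentation addresses).
SAMPLE_LOG = "\n".join([
    "#Fields: " + " ".join(DEFAULT_FIELDS),
    "2001-08-27 01:41:39 192.0.2.10 - 198.51.100.5 80 GET /scripts/root.exe /c+dir+c:\\ 404 -",
    "2001-08-27 01:41:39 192.0.2.10 - 198.51.100.5 80 GET /c/winnt/system32/cmd.exe /c+dir+c:\\ 404 -",
    "2001-08-27 01:41:39 192.0.2.10 - 198.51.100.5 80 GET /msadc/root.exe /c+dir+c:\\ 404 -",
    "2001-08-27 01:41:39 192.0.2.10 - 198.51.100.5 80 GET /x.ida " + "V" * 224 + "=X 200 -",
    "2001-08-27 01:42:10 192.0.2.77 - 198.51.100.5 80 GET /index.htm - 200 Mozilla/4.0",
    # Constructed: a probe that succeeds, i.e. the back door is present on this server.
    "2001-08-27 01:43:05 192.0.2.33 - 198.51.100.5 80 GET /scripts/root.exe /c+dir+c:\\ 200 -",
])

# Code Red II copied cmd.exe to /scripts/root.exe and /msadc/root.exe and exposed
# C:\ and D:\ as the virtual directories /c and /d; scanners ask for those paths
# with "/c+dir+c:\" as the query to see whether the shell answers.
BACKDOOR_STEM = re.compile(r"/(root|cmd)\.exe$", re.IGNORECASE)
# .ida/.idq requests whose query is a long run of one byte are Index Server
# overflow attempts (the post shows 'V'; the byte value varies between variants).
IDA_STEM = re.compile(r"\.id[aq]$", re.IGNORECASE)
LONG_RUN = re.compile(r"(.)\1{99,}")  # 100 or more repeats of the same character


def parse(log_text):
    """Yield one dict per request line, keyed by W3C field name."""
    fields = DEFAULT_FIELDS
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        if raw.startswith("#"):
            if raw.startswith("#Fields:"):
                fields = raw.split()[1:]
            continue
        parts = raw.split()
        if len(parts) != len(fields):
            continue  # truncated or garbled line: skip rather than misalign fields
        yield dict(zip(fields, parts))


def classify(rec):
    """Return 'backdoor-probe', 'ida-overflow', or None for one parsed request."""
    stem, query = rec["cs-uri-stem"], rec["cs-uri-query"]
    if BACKDOOR_STEM.search(stem) and query.lower().startswith("/c+"):
        return "backdoor-probe"
    if IDA_STEM.search(stem) and LONG_RUN.search(query):
        return "ida-overflow"
    return None


def analyze(log_text):
    """Count categories per client IP; benign requests are left out of the report."""
    report = defaultdict(Counter)
    for rec in parse(log_text):
        category = classify(rec)
        if category:
            report[rec["c-ip"]][category] += 1
    return dict(report)


def backdoor_hits(log_text):
    """Back-door probes answered with 200: the server executed the request, so it is compromised."""
    return [(rec["date"] + " " + rec["time"], rec["c-ip"], rec["cs-uri-stem"])
            for rec in parse(log_text)
            if classify(rec) == "backdoor-probe" and rec["sc-status"] == "200"]


if __name__ == "__main__":
    for ip, counts in analyze(SAMPLE_LOG).items():
        print(ip, dict(counts))
    for when, ip, stem in backdoor_hits(SAMPLE_LOG):
        print("BACKDOOR ANSWERED:", when, ip, stem)
```

A 404 on every root.exe/cmd.exe path, as in the post, means the host was scanned but does not carry the back door; the thing to check after a 200 on an .ida request is whether the .ida and .idq mappings are still present in the IIS application mappings, since removing them (or applying the Index Server patch) is what stops the overflow from reaching the ISAPI handler at all.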


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
