Is anyone else noticing the following:-

1. Increased level of general IIS cmd.exe variants/ISAPI .ida attacks, (on every other day or so these are really high)

2. Some less common alerts surfacing, (bad HTTP/1.1 requests), from the same machine running some of those in 1.

3. And here's the kicker!!! WEB CGI ScriptAlias Access which is an attack against an Unix Server, (reference ), and I don't run any unix boxes but the attacking machine is running exploits against both Win32 and *nix.

They are automated attacks since they are coming in fast and looking like the usual Nimda/CodeRed sets of alerts until you notice the unusual ones. They don't seem to be from a fixed code worm of any kind since the exploits and their sequence vary so I'm thinking there might be some kind of kiddie tool published recently that allows you to check a bunch of boxes to run the selected exploits and it then shows you if you made a "hit". That would explain the *nix attacks in my IIS boxes 'cos I never saw that before in automated attacks.