Originally posted here by h3r3tic
It is most likely someone from this site, as it is the only place I post a link. So these worms, is it like a tool to break in to a website or what. I guess I need to read up on them.
Not necessarily. Code Red generates propogation lists randomly. (one variation is more successful at this than the other). You might want to check out CERT's Code Red Advisory and CERT's Code Red II Advisory for more details. I've also included CERT's Nimda advisory (although if it is a worm, I'd hedge my bets more towards Code Red than nimda).

stanger is probably correct in that it is likely an IIS scanner or some other vuln scanner (nessus perhaps?). Generally, the worms have larger footprint for single packets.

While you may not be running Apache, there is reason to be concerned. Someone now knows you run something with a port that accepts http requests. Securing the box would be a good next step (although might be better as a good first step.. )