Was looking over our firewall logs today, and on a whim I decided to filter them for cmd.exe and get a rough idea how widespread code red / nimda still are...

We are still seeing 500 plus hits a day with cmd.exe to our webservers from 15 to 20 unique ip addresses.
Only a few of those addresses show up on multiple days...

thought someone might find this interesting.

IchNiSan