My last remaining IIS server was attacked by this.
Someone was nice enough to write a worm that infects solaris
machines and uses them to attack IIS machines so most of the
attempts are not from an individual but from a program.
The nice thing about that is that since I had organized my IIS
server with different folders from normal it blindly stuck it's
files in the wrong place. I got lucky.
If you ever want to scare an IIS administrator just tell them to
search google for "iis exploits", "apache exploits", and maybe
"aolserver exploits". I don't want to have to spend 4 hours of each
day searching the web for any new exploits for this closed source
product. (If your program had as many holes as theirs you'd want
the source to be closed also)
If you're running IIS and you're not using exe files directly I
recommend associating the .exe extension with a useless program. (I
assumed hostname.exe would be safe). Not a bad idea to do this to
.bat files as well. and of course removing any script mappings you
are not using.
