My Red Hat web server (logjamming.com) gets nailed CONSTANTLY with attempted IIS exploits like what you guys are describing. Seems to be some leftover Code Red variants that infected unknowing people's computers, and they are used as bounce points for exploit attacks. We've tracked the attacking hosts down at least 5 times to find it was some guy at a university or business who had no idea his machine was infected. Incredibly annoying.
_________________________
|| loren ||