Well an alert would be much better then the player locking. Especially on a Sunday when it's interrupting my music constantly.

My Nimda detector is a perl script that runs against the web logs of one of my servers here. IM should almost know the URL by heart now with as many times as I have given it to them. It shows total attacks, resolved name, IP, and type (Code Red 1, 2 Nimda). Came in real handy for telling a few coworkers they were infected. I'd offer the link, but it has since been turned into a "The End" page.

And I can't believe IIS is still vunerable to the same style quirks that I saw versions ago when I used to be an NT admin. (The whole encode some things into the URL to get the web server to play with files on the hard drive in the system folder).