Sorry about the late post about this. If you keep up with your firewall logs, you\'ve no doubt noticed a lot of activity on port 80. This is the port that\'s attacked by Code Red, and the new Code Red II. It\'s designed to take advantage of non-secure IIS webservers (they\'re all insecure if you ask me, but specifically targets ones that don\'t have the latest security patches installed). Webservers, of course, operate on port 80. Code Red was bad enough, but Code Red II is more efficient, which means a hella lot more scanning for ripe targets.
More info can be found
here.
