exploit of systems not updated
now I'm now guru but according to netcraft the vast majority of the domains listed in the google link seem to have been updated today 24AUG09 from Microsoft-IIS/5.0 to something different.
When I say something different I'm not pulling out the usual "linux aint infected" lark as the initial report doesnt seem to indicate exactly what platform the exploit is targeting - what I'm saying is make yer own mind up - whilst its possible to munge the server agent string a lot of these domains seem to have changed hosting providers as well - today!
lastly, not posting very often it would be nice to know who the feck stole my original "nobody" handle. ta.