CERT Advisory on Nimda.

And Nimda info from SANS.

I’m serious about this question: why run IIS? I’m not wondering why Windows, just IIS. What functionality does it bring to the table that makes the security risks worthwhile? If you have thoughts, please let me know.