I've checked all the machines hitting me with Code Red requests and tried your line. No success. I'd love to tell these people they are infected, or inversely, know that they've patched the hole. Is the above command/url correct?

Kickstart