Or maybe even http://microsoft.com/iis, eh?

Well, it's tempting, but I blame the owner of an IIS server that is attacking me more than Micorsoft.

here's the code to put in .htaccess:

RewriteEngine on
RewriteBase /
RewriteCond %{REQUEST_URI} system32/cmd.exe   [OR]
RewriteCond %{REQUEST_URI} (MSADC|scripts)/root.exe  [OR]
RewriteCond %{REQUEST_URI} ^/_vti
RewriteRule ^(.*)$         http://localhost/$1 [L,R=301]
[download]

This not only stops the Nimda worm, but others as well some future IIS exploits that may come.