This is up on #debian's info bot:
http://www.stone.nu/projects/python_scripts/code_red_warn.py.gz

The script goes through your access.log, finds the ip from any default.ida
requests, and then sends a http request to the hacked box, forcing
root.exe to start a browser on the users system that directs them to a
warning page.

It's neat. Not legal I'm sure, but neat non the less.

Andrew S. Zbikowski | http://www.ringworld.org
"We can learn much more from wise words, little
from wisecracks and less from wise guys."
--William Arthur Ward