Anyone else still getting these? My bloody logs are full of em (fortunately all responded to by 404's :) )

yeah ive had a few but they get redirected to a 403 doc....and then logged

ErrorDocument 403 http://phf.apache.org/phf_abuse_log.cgi

oooh

/me investigates that.

/me wonders what the hell you're talking about
/me wonders off over the hills

There are still several thousand CR or CRII infected hosts out in the world. Dialup connections and other connections that change their IP address can make it very hard to find the actual owner of an infected host, especially outside the western world.

http://www.caida.org/analysis/security/code-red/ had some good analysis of how the number of hosts dropped off post July 19/August 4th, and someone, somewhere, is tracking a long-run trend of CR infected hosts, but I can't find the URL.