GEN:SID 1:497
Message ATTACK-RESPONSES file copied ok
Summary This event is generated by the successful completion of a file transfer operation. This may be indicative of post-compromise behavior indicating the use of a Windows command shell for copying files.
Impact Serious. An attacker may have the ability to transfer files from the victim host.
Detailed Information This event indicates that a file was successfully copied using Windows command line shell.  The string "1 file(s) copied" is shown after the successful completion of a Windows "copy" command.

Seeing this response in HTTP traffic indicates that an attacker may have been able to spawn a shell bound to a web port and has successfully executed the copy command. Note that the source address of this event is actually the victim and not that of the attacker.
Affected Systems  
Attack Scenarios An attacker gains an access to a Windows web server via an IIS vulnerability and then copies "cmd.exe" into the directory accessible by the web server, thus creating a backdoor to access the system.
Ease of Attack Simple. This may be post-attack behavior and can be indicative of the successful exploitation of a vulnerable system.
Corrective Action Investigate the web server for other signs of compromise

Look for other events generated by the same IP addresses.
Additional References  
Rule References cve: 2000-0884
bugtraq: 1806