GEN:SID 1:1073
Message WEB-MISC webhits.exe access
Summary This event is generated when an attempt is made to read web application
source code through the webhits.exe sample program.
Impact Information gathering.
Detailed Information The webhits.exe sample program that comes with Microsoft Index Server in IIS
contains a vulnerability that allows the reading of web application source
code.

Sometimes web application source code contains highly sensitive information,
such as database passwords and information concerning backend setups. This
could be a prelude to further attacks.
Affected Systems Microsoft Index Server when deployed in conjunction with Microsoft IIS.
Attack Scenarios An attacker sends a simple URL like the following and then chooses which
file to view:
http://servername/scripts/samples/search/webhits.exe
Ease of Attack Simple. No exploit software required.
Corrective Action Remove the samples directory from the webserver.

Check the host for signs of compromise.
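
One way to start the host check, as an added example that is not part of the original rule documentation: the Python below scans IIS W3C extended log text for requests to webhits.exe and marks those the server answered with a 2xx status. The log lines, addresses and the find_webhits_requests name are constructed for illustration.

```python
from urllib.parse import unquote

# Constructed sample in IIS W3C extended log format (not real traffic).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2000-02-01 10:00:01 192.0.2.10 GET /default.asp - 200
2000-02-01 10:00:05 198.51.100.7 GET /scripts/samples/search/webhits.exe - 200
2000-02-01 10:00:09 198.51.100.7 GET /Scripts/Samples/Search/WebHits%2Eexe - 200
2000-02-01 10:00:12 192.0.2.11 GET /scripts/samples/search/webhits.exe - 404
2000-02-01 10:00:15 192.0.2.12 GET /docs/webhits.exe.txt - 200
"""

TARGET = "webhits.exe"


def find_webhits_requests(log_text):
    """Return one dict per logged request whose URI stem names webhits.exe."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column layout can change mid-file
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # malformed or truncated entry
        row = dict(zip(fields, values))
        # Decode %xx escapes and fold case so encoded or mixed-case
        # requests still match.
        stem = unquote(row.get("cs-uri-stem", "")).lower()
        if stem.rsplit("/", 1)[-1] == TARGET:
            status = row.get("sc-status", "")
            hits.append({
                "time": f"{row.get('date', '')} {row.get('time', '')}".strip(),
                "client": row.get("c-ip", ""),
                "stem": row["cs-uri-stem"],
                "status": status,
                # A 2xx status means the program was present and answered.
                "served": status.startswith("2"),
            })
    return hits


if __name__ == "__main__":
    for h in find_webhits_requests(SAMPLE_LOG):
        note = "SERVED - review host" if h["served"] else "not served"
        print(h["time"], h["client"], h["stem"], h["status"], note)
```

A served hit means the samples directory was still in place at that time; a 404 for the same path indicates probing against a host where it had already been removed.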
Additional References http://www.win2000mag.com/Articles/Index.cfm?ArticleID=475&pg=2

http://secinf.net/info/www/cgi-bugs.htm
Rule References bugtraq: 950
cve: 2000-0097