> Anyway, here's what I've done on my own system (not on a cable modem):
> 
> Add `.ida' to the PHP mime/type in httpd.conf
> 
>   AddType application/x-httpd-php .php .php4 .ida
> 
> and created a file named `default.ida' that attempts to connect back to
> CR2-infected systems and pop up a warning with the `net send' command.
> 
> Of course, I have no way to test it.
> 
>   http://www.tc.umn.edu/~hick0088/files/defaultida.txt

It won't work. I've tried it. Apache sees the garbage that is the virus 
body, and responds with a Bad Request error, and won't even touch any 
CGI you try and get it to run.

What you need to do is make a daemon that watches apache's logfiles for 
codered hits and responds in whatever way you'd like.