A colleague of mine, Balachander Krishnamurthy, is looking for
Web server logs from sites that have been attacked by Code Red.
He's working on analysis techniques to detect flash crowds,
DDoS attacks, etc. Please reply directly to him
(bala@research.att.com) if you can supply any data. (You can
see the kind of stuff he's been doing by looking at some of his
recent papers, at www.research.att.com/~bala/papers)