There have been many successful attacks against IIS servers recently:sadmind worm (“F**k USA Government”)“Code Red” worm (“Hacked by chinese – www.worm.com”)
IIS exploit code is readily available.
Common IIS exploits depend on well-known vulnerabilities.