Microsoft on Monday said it is looking into a report of a flaw in some versions of its Internet Information Services product that could allow an attacker to gain control of a system.
In a statement, a Microsoft representative said the company "is investigating new public claims of a possible vulnerability in IIS 5 and IIS 6 File Transfer Protocol (FTP)."
Microsoft said it is not aware of any attacks using the vulnerability. "We will take steps to determine how customers can protect themselves, should we confirm the vulnerability."
This exploit triggers a large SITE command and can easily be detected.
If you want to detect the attack with Snort you can download the rule from ET.
The IIS FTPD Exploit can be found here