Oscar,
You might want to goto this site and check for more info
http://www.microsoft.com/security/Most of our servers here are seeing the same IIS log entries every few minutes. One of the other developers said though that he thinks the IP address in the request is spoofed so it's not displaying the real attacker.
>After some research, I think it is some exploit of the WebDav vulnerability, but it seems widespread and I have not found any specific info. Before applying the MS WebDav patch, it crashed the server many times a day. After the patch, it does not crash anymore. But it must be a worm, I have been seeing it for some days now and do not know what it does.