ngix, Stormworm and Cisco IDS

On August 21, the SANS Internet Storm Center noted that the storm worm was now be hosted on servers using ngix in the lastest wave of attacks. They further noted that signatures based just on that server name were a bad idea because ngix is a legitimate web server.
I notice that my Cisco IDS is reporting instances of the Storm Worm. A lookup of that signature in the Cisco IPS signature database found that “the signature triggers on seeing the string “Server:ngix”in the return web traffic.” While it does note that this could be legitimate traffic, this really wastes my time.