Personally, I would not assume that "Much of Apache's server content is static" Perl, CGI, php, and coldfusion have been around for a while now, and apache runs this languages easily.
Normally, I will be the last person do defend Micro$oft, but can we really blame them for what other people do with their product? If IIS and Apache weren't around, then they would be using other web servers to
pass malware. If you are going to assign blame, blame the developers and server admins who publish the malware. Or the server admin who allows this to be ran on his server.
Keep Up with TechRepublic