If you run a web server, you should be very familiar with the PHP vulnerability classified as CVE-2012-1823. Successful exploitation of this vulnerability allows a remote attacker to inject arbitrary code via command line options within the HTTP query string. Unfortunately, there remain a large number of PHP servers that do not have this vulnerability patched, making them an ideal vehicle for acting as a DDoS bot.
more here............http://www.deependresearch.org/2014/07/another-linux-ddos-bot-via-cve-2012-1823.html
more here............http://www.deependresearch.org/2014/07/another-linux-ddos-bot-via-cve-2012-1823.html