Linux zombies awaiting attacks ......


The hacker used a common misconfiguration in PHP scripts to take over Linux machines and use them for his army of zombies. What is scary about this is that these machines are typically web servers on broadband connections.

http://blogs.zdnet.com/threatchaos/?p=310&tag=nl.e622


Hello CharleyO,

In most cases it is not a PHP hole, but a badly programmed CMS. Bad hardening of a server, installing certain PHP extensions like curl without any need for it, register_globals, etc.
Especially those folks using a popular CMS are sought-after victims. Just a Google for “…cms_guestbook.php” together with a bad configuration with register_globals set at “off” and BINGO.

There is an enormous array of bad coding and bad auditing practices going around, and snake-oil applied by the accident-prone so-called experts. Pseudo-security, my friend, pseudo-security is the name of the trap.

polonus