My Penguin Headed Admins -
Over 400 Apache, Lightttp, and nginx servers infected... estimated 100,000 users compromized.
These are Linux based aren't they???
Supposedly Russian, Ukrainian, and at least four other languages are never exposed... and previously attacked targets are not being hammer at this time.
Backdoor - how the heck did they do this?
The ARS Technica article:
Attack hitting Apache sites goes mainstream, hacks nginx, Lighttpd, too
They also talk about Darkleech in the article...