As already mentioned in Friday's diary, exploits for the Horde App Framework vulnerability are making the rounds. The exploit downloads and installs two variants of Perl/Shellbot which connect back to IRC servers in Germany and the U.S. over tcp/4444. A Nessus Plugin is available to check for the Horde vulnerability.