Active Shellshock SMTP Botnet Campaign

An active campaign is exploiting the Shellshock bash vulnerability by placing exploit payloads in email header fields (subject, body, to/from) to cause SMTP gateways to download a Perl-based botnet (from a malicious site) and join an IRC-controlled botnet; organizations are advised to patch Bash immediately and monitor/block such activity.