The 15th i've see this sample: http://vxvault.siri-urz.net/ViriFiche.php?ID=9330
Appear to be a VertexNet bot after a short analysis.
VertexNet v1.1.1 Builder:
Malware call home with 'V32' as user-agent:
I will not do a full analysis, but it's relatively simple to understand how it's work.
If you want start into malware reversing, i think VertnetNet 1.1.1 is a good exercise.
Well, to return on the original subject the adduser.php is not protected against flood attack.
So here is a short perl script for exploit that:
And poster.php appear also vulnerable to xss (without being logged into the C&C)
who want send abuse ? :)
For terminate, here is the music of the builder :þ