The malware infects Linux servers running Apache 2.2.2 and above. The malware injects iFrames into the sites hosted on that compromised box. These sites were then used to launch drive-by-malware attacks against unsuspecting users.