We recently became aware (special thanks to @slideintohome) of an SMTP botnet campaign affecting a number of large-scale customers, targeting SMTP gateways with Shellshock-based attacks. The attack uses Shellshock (https://www.trustedsec.com/september-2014/cve-2014-6271/) as its main attack vector, delivered through the subject, body, to, and from fields (it targets every main header field in order to download the Perl botnet script). Once a host is compromised, a Perl botnet is activated and beacons on IRC for further instructions.
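A defensive check for the pattern described above, as an added example (not TrustedSec's code): it flags any header value or body line that begins with the bash function-definition marker `() {` that Shellshock relies on. The name `scan_message` and both sample messages are constructed for illustration, and the check covers message content only, not the SMTP envelope.

```python
import re
from email import message_from_string, policy

# Shellshock (CVE-2014-6271) is triggered by a value that begins with a bash
# function definition, "() {". Whitespace between tokens is tolerated here so
# that folded or padded values are still flagged (a detection heuristic).
MARKER = re.compile(r"^\s*\(\s*\)\s*\{", re.MULTILINE)

def scan_message(raw):
    """Return the sorted names of message parts that carry the marker:
    a lowercased header name, or 'body' for any decoded body part."""
    # compat32 keeps header values as raw strings, so malformed From/To
    # values are inspected exactly as received instead of being re-parsed.
    msg = message_from_string(raw, policy=policy.compat32)
    hits = set()
    for part in msg.walk():                  # top level plus any MIME sub-parts
        for name, value in part.items():     # every header, not only the main ones
            if MARKER.search(str(value)):
                hits.add(name.lower())
        if not part.is_multipart():
            # decode=True undoes base64 / quoted-printable transfer encoding
            body = (part.get_payload(decode=True) or b"").decode("latin-1")
            if MARKER.search(body):
                hits.add("body")
    return sorted(hits)

# Constructed sample: the marker in every main field, with a harmless command.
SUSPICIOUS = (
    "From: () { :; }; echo constructed-sample\r\n"
    "To: () { :; }; echo constructed-sample\r\n"
    "Subject: () { :; }; echo constructed-sample\r\n"
    "\r\n"
    "() { :; }; echo constructed-sample\r\n"
)

# Constructed sample: ordinary mail that mentions code mid-line.
BENIGN = (
    "From: alice@example.com\r\n"
    "To: bob@example.com\r\n"
    "Subject: why does init() { return 0; } fail?\r\n"
    "\r\n"
    "Hello Bob,\r\nthe helper init() { return 0; } looks wrong.\r\n"
)

if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(label, scan_message(raw))
```

Anchoring the match to the start of a value or line keeps ordinary mail that quotes code mid-sentence from being flagged.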
Dave Kennedy is the Founder of TrustedSec and Co-Founder and Chief Technology Officer of Binary Defense. He started both these companies with the goal of improving the security industry and promoting the advancement of the industry through quality services.