In reference to this thread;
[webmasterworld.com...]

It goes after .php too. (the script contains forms to produce fake emails, sending a photo infected with with this code to be placed on an unprotected machine (server and/or PC).

All of our attacks come in from;
210.176.70.0/24

The inexperienced user actually left me a trail to follow. So I chased the script down (on the server it's located on, and in the range above, looked it over, and yes, it is, ironicly, developed and distributed by isec.pl themselves. According to the documentation found within the script itself, it's used for, "further research and exploit development".