SANS ISC Handler's Diary has a very interesting post regarding MPack and Apache permissions. With multiple websites being hosted on a single machine, only one of the websites needs to contain a vulnerable PHP script in order to infect all of the sites hosted if Apache permissions are not properly configured.
Italy recently experienced MPack compromises on thousands of web sites that were hosted by only a few machines.
Haven't heard of MPack? It a malware "kit" that sells online for $500 to $1000 USD. It's maintained as if it were legitimate commercial software with modular extras available and maintenance updates. This type of kit provides a layer of insulation to the malware author as he is only writing a tool, and it's other bad guys that are actually carrying out the crime.
