Previously I wrote a blog post about the ByroeNet/Casper-Like bot scanners, and relate that the most important evolution of these scanners where the integration of e107 RCE (EDB-ID : 12715) and LFI vulnerabilities exploitations. I created a rule to monitor precisely the activity of theses e107 dedicated exploitations.

Here under you can find real time graphs for the e107 RCE vulnerability.