This ended up being a "standard" linux box exploit, because of bad default passwords and FTP configurations. All has been resolved by the vendor at this point.