April 2012 Archives

#!/usr/bin/perl -evil

I came across some Perl used for defacing websites. Not the standard stuff that adds a picture or script-kiddie text, but code that adds an iframe to a website that was used (probably unknowingly) with the Eleonore Exploit Kit.

The Perl just globs standard HTML files (html, asp, php, etc.), opens them, and appends the iframe to each one (and remembers to CLOSE the file handle, too). That's it. Pretty manual. Not as automated as I thought it would be. I expected that it would at least change directories to the standard html directories or delete logs or something, but no... and it's clearly not us…
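A defender's check for the pattern described above, as an added example that is not part of the original post: it walks a web root and flags files where an iframe sits after the closing `</html>` tag, or is the last element of a file that has no such tag. The extension list, both heuristics and the sample files are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Extensions named in the post (html, asp, php); "htm" is an added assumption.
WEB_EXTS = {".html", ".htm", ".asp", ".php"}
IFRAME = re.compile(rb"<iframe\b[^>]*>", re.I)
HTML_END = re.compile(rb"</html\s*>", re.I)
TRAILING = re.compile(rb"<iframe\b[^>]*>(\s*</iframe\s*>)?$", re.I)  # iframe that ends the file


def appended_iframes(data: bytes) -> list:
    """Iframe tags after the last </html>, or a file-final iframe when there is no </html>."""
    ends = list(HTML_END.finditer(data))
    if ends:
        return IFRAME.findall(data[ends[-1].end():])
    m = TRAILING.search(data.rstrip())
    return [m.group(0)] if m else []


def scan(root) -> dict:
    """Map each web file under root to the appended iframe tags found in it."""
    hits = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in WEB_EXTS:
            try:
                found = appended_iframes(path.read_bytes())
            except OSError:
                continue  # unreadable file: skip it, keep sweeping
            if found:
                hits[str(path)] = found
    return hits


def demo() -> list:
    """Scan constructed sample files; return the names that were flagged."""
    samples = {  # constructed inputs; example.invalid is a placeholder host
        "clean.html": b"<html><body><iframe src='/map'></iframe></body></html>\n",
        "hit.html": b"<html><body>hi</body></html>\n<iframe src='http://example.invalid/' width=0></iframe>",
        "hit.php": b"<?php echo 'x'; ?>\n<iframe src='http://example.invalid/'></iframe>\n",
        "notes.txt": b"</html><iframe src='x'></iframe>",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            Path(root, name).write_bytes(body)
        return sorted(Path(p).name for p in scan(root))


if __name__ == "__main__":
    print(demo())
```

A legitimate iframe inside the document body (`clean.html`) is not flagged; only markup outside the normal document structure is, which keeps the result list short enough to review by hand.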

About dave_m

I'm an amateur Perl geek and the author of ClamTk, a GUI written in gtk2-perl.