So it would seem those clever virus writer types are now also leveraging the synergisticismly awesomeness of THE CLOUD.
It's no real surprise to anyone, if you're running a vulnerable web app, it's quite likely your server is going to be compromised. I'd even be surprised if this is the first web-app based worm, but it will likely get more press than others. The fundamental issue boils down to folks not keeping their systems updated. This is where leveraging things like distribution packages are a big plus, as when the distribution updates things all you have to do is install their updates.