Sunday, 5 January 2014

Darlloz and other weird requests

Yesterday, I was looking at an article detailing a new web app attack named 'Linux.Darlloz'. It exploits a vulnerability in PHP5. Fortunately, I don't use PHP; however, I tailed my Apache logs and found:

141.101.98.185 - - [05/Jan/2014:14:20:18 +0000] "GET /cgi-bin/php HTTP/1.1" 404 509 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36"

occurring every 10 minutes. This seems to be some sort of botnet with a faked user agent checking if I'm using PHP. After a few seconds, I received another request:

96.21.81.50 - - [05/Jan/2014:11:25:56 +0000] "\xf4n\x90\xe1\xb5r\xf8\xd0\x1d\x9d\xa7m\x1c\xb6Q\xef\xc4\xad\x97o\xaf\xb4*\x16E\xbd\x89sd\x9b\b\xdck\x0cU\xea$?!q\x84\x90t\xd0#K\xd6\xdb\x02Lv\xd9J\\S\xc4\xa9\x7f\xcaa\x04" 400 310 "-" "-"

I'm not really sure what this is, but I'm guessing it's some sort of payload. My server didn't know how to handle it, so it sent an error.

The final request was:

183.60.48.25 - - [05/Jan/2014:09:29:01 +0000] "GET http://www.baidu.com/ HTTP/1.1" 200 1373 "-" "-"

This is apparently an Apache proxying request. I found that, after repeating the request in a Raw session, my server was responding. A lot of people have suggested that this is just an issue with DNS; however, I remained suspicious and followed recommendations to add a rewrite in .htaccess:

RewriteEngine On

# Restrict HTTP methods: anything other than GET/HEAD/OPTIONS/POST gets a 403
RewriteCond %{REQUEST_METHOD} !^(GET|HEAD|OPTIONS|POST)$
RewriteRule .* - [F]

# Block proxy requests: an absolute URI in the request line that does not name
# one of our own hosts ("yourdomain.com" is a placeholder for the real hostname)
RewriteCond %{THE_REQUEST} ^(GET|HEAD|POST)\ /?http:// [NC]
RewriteCond %{THE_REQUEST} !^(GET|HEAD|POST)\ /?http://(www\.)?yourdomain\.com/
RewriteCond %{THE_REQUEST} !^(GET|HEAD|POST)\ /?http://192\.168\.0\.37/
RewriteRule .* - [F]


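To see how the three kinds of request above show up in a log and which of them the rewrite rules would actually answer with 403, here is a small triage script. It is an added example, not part of the original post: it parses Apache combined-format lines, labels each request by shape, and re-implements the RewriteCond conditions as Python regexes so you can check them against real log lines before trusting the .htaccess. The sample log is constructed; the first lines copy the requests quoted above, the rest (a repeat of the /cgi-bin/php probe ten minutes later, a request naming the placeholder host yourdomain.com, a TRACE, and a plain page hit) are made up to show the rules' edge cases.

```python
"""Triage of odd Apache requests (added example, not the post's own code).

Parses combined-format access log lines, labels each request by shape and
emulates the post's .htaccess rewrite conditions to show which lines they
would answer with 403."""
import re
from collections import Counter

# Apache combined log format: ip ident user [time] "request" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
# A well-formed request line: METHOD SP target SP HTTP/x.y
REQUEST_RE = re.compile(r'^(?P<method>[A-Z]+) (?P<target>\S+) HTTP/\d\.\d$')

# The conditions from the post's .htaccess, written as Python regexes.
ALLOWED_METHOD = re.compile(r'^(GET|HEAD|OPTIONS|POST)$')
PROXY_FORM = re.compile(r'^(GET|HEAD|POST) /?http://', re.IGNORECASE)   # the [NC] condition
# Hosts the post exempts; "yourdomain.com" is the post's placeholder for the real vhost.
OWN_HOSTS = (r'(www\.)?yourdomain\.com', r'192\.168\.0\.37')

# Constructed sample log. Lines 1, 3 and 4 are the requests quoted in the post;
# the others are made up to exercise the repeat count and the rule exemptions.
SAMPLE_LOG = r'''
141.101.98.185 - - [05/Jan/2014:14:20:18 +0000] "GET /cgi-bin/php HTTP/1.1" 404 509 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36"
141.101.98.185 - - [05/Jan/2014:14:30:18 +0000] "GET /cgi-bin/php HTTP/1.1" 404 509 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36"
96.21.81.50 - - [05/Jan/2014:11:25:56 +0000] "\xf4n\x90\xe1\xb5r\xf8\xd0\x1d\x9d\xa7m\x1c\xb6Q\xef\xc4\xad\x97o\xaf\xb4*\x16E\xbd\x89sd\x9b\b\xdck\x0cU\xea$?!q\x84\x90t\xd0#K\xd6\xdb\x02Lv\xd9J\\S\xc4\xa9\x7f\xcaa\x04" 400 310 "-" "-"
183.60.48.25 - - [05/Jan/2014:09:29:01 +0000] "GET http://www.baidu.com/ HTTP/1.1" 200 1373 "-" "-"
198.51.100.7 - - [05/Jan/2014:15:00:00 +0000] "GET http://www.yourdomain.com/index.html HTTP/1.1" 200 2048 "-" "curl/7.26.0"
198.51.100.8 - - [05/Jan/2014:15:01:00 +0000] "TRACE / HTTP/1.1" 200 0 "-" "-"
203.0.113.9 - - [05/Jan/2014:15:02:00 +0000] "GET /index.html HTTP/1.1" 200 2048 "http://www.yourdomain.com/" "Mozilla/5.0"
'''


def parse_line(line):
    """Return the combined-log fields of one line as a dict, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def classify(request):
    """Label a request line by shape: the three kinds seen in the post plus 'normal'."""
    m = REQUEST_RE.match(request)
    if not m:
        return 'malformed'          # binary junk in the request line; Apache already answered 400
    target = m.group('target')
    if re.match(r'^https?://', target, re.IGNORECASE):
        return 'absolute-uri'       # forward-proxy style request
    if target.startswith('/cgi-bin/php'):
        return 'php-cgi-probe'      # the /cgi-bin/php check the post saw every 10 minutes
    return 'normal'


def rules_would_block(request, own_hosts=OWN_HOSTS):
    """Emulate the post's RewriteCond/RewriteRule pairs on THE_REQUEST.

    Returns True for a 403, False for pass-through, and None when the line is so
    malformed that Apache rejects it before mod_rewrite ever runs."""
    m = REQUEST_RE.match(request)
    if not m:
        return None
    if not ALLOWED_METHOD.match(m.group('method')):
        return True                 # rule 1: method outside the allow-list
    if PROXY_FORM.match(request):
        # rule 2: absolute URI, unless it names one of our own hosts
        # (the exemptions are case-sensitive, exactly as written in the .htaccess)
        for host in own_hosts:
            if re.match(r'^(GET|HEAD|POST) /?http://' + host + '/', request):
                return False
        return True
    return False


def triage(log_text):
    """Parse every line of an access log and attach a kind and a block verdict."""
    rows = []
    for line in log_text.splitlines():
        fields = parse_line(line)
        if fields is None:
            continue                # blank or unparseable line
        fields['kind'] = classify(fields['request'])
        fields['blocked'] = rules_would_block(fields['request'])
        rows.append(fields)
    return rows


def suspicious_sources(rows):
    """Count hits per source IP for everything that is not a normal request."""
    return Counter(r['ip'] for r in rows if r['kind'] != 'normal')


if __name__ == '__main__':
    rows = triage(SAMPLE_LOG)
    for r in rows:
        print(f"{r['ip']:<16} {r['status']} {r['kind']:<14} blocked={r['blocked']}  {r['request'][:40]}")
    print('repeat offenders:', suspicious_sources(rows).most_common(3))
```

Run it against your own access_log (`triage(open('/var/log/apache2/access.log').read())`) to confirm two things before relying on the rules: that every `absolute-uri` line from an outside host comes back `blocked=True`, and that requests naming your real vhost do not, which is what the two negative RewriteCond lines are for. Note that the `malformed` line never reaches mod_rewrite at all; the 400 in the log is Apache's own answer, so no rewrite rule is needed for it.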
I hope this helps anyone who is as worried about rogue requests as I am!

Update

I've done a bit more research and apparently this attack is part of the Zmeu scanner. You can learn more here: http://ensourced.wordpress.com/2011/02/25/zmeu-attacks-some-basic-forensic/
