I think you are confused as to what this is doing. How the malware initially got loaded onto the *NIX box is not discussed in the write-up. The malware does not break out of the browser's sandbox and obtain root privileges. The malware is used to add/change the file being served by the web server. There is no mention of what file the malware was being used to serve up...it could be used just to transparently serve up ads or could be used to serve up some client-side exploits.