According to thehackerblog.com all C99 and R57 shells are unsurprisingly backdoored meaning the script creator is able to take control of the all the servers that contain this shell and use it as a colossal botnet for DDOS purposes against any website of their choosing.
for the full exploit break down check out the following link:
http://thehackerblog.com/hacking-script-kiddies-r57-gen-tr-shells-are-backdoored-in-a-way-you-probably-wouldnt-guess/