Linode Forum
Linode Community Forums
 Post subject: Apache compromised
Posted: Wed Dec 07, 2011 7:25 am
Newbie

Joined: Wed Dec 07, 2011 7:15 am
Posts: 2
Hi,
In my apache2 error logs I noticed that a script is automatically being downloaded and run. Due to this, the CPU usage goes to 100% when this Perl script runs. I checked http://brk1.home.ro/perl in my browser and it shows the Perl script, which shows that it is a LinuxNet perlbot. Inside the script there's a mention of an IP, 209.114.36.218, to which it tries to connect. Now this IP belongs to Slicehost, and some time ago, before moving to Linode, I was with Slicehost.

Please have a look at my apache error log snippet below. I've checked my older logs and this same snippet shows once in a while -

Code:
--2011-12-06 08:00:45-- http://brk1.home.ro/perl
Resolving brk1.home.ro... --2011-12-06 08:00:45-- http://brk1.home.ro/perl
--2011-12-06 08:00:45-- http://brk1.home.ro/perl
Resolving brk1.home.ro... Resolving brk1.home.ro... --2011-12-06 08:00:45-- http://brk1.home.ro/perl
Resolving brk1.home.ro... 81.196.20.133
Connecting to brk1.home.ro|81.196.20.133|:80... 81.196.20.133
Connecting to brk1.home.ro|81.196.20.133|:80... connected.
HTTP request sent, awaiting response... connected.
HTTP request sent, awaiting response... 200 OK
Length: 16186 (16K) [text/plain]
Saving to: `perl.1'

0K ..200 OK
Length: 16186 (16K) [text/plain]
Saving to: `perl.1.1'

0K ................ ..... 100% 49.4K=0.3s

.. ..... 100% 48.3K=0.3s

2011-12-06 08:00:46 (48.3 KB/s) - `perl.1.1' saved [16186/16186]

2011-12-06 08:00:46 (49.4 KB/s) - `perl.1' saved [16186/16186]


I believe that this is related to Apache, but I don't know how this Perl script is being automatically downloaded and run.
Any help would be greatly appreciated.


 Post subject:
Posted: Wed Dec 07, 2011 1:12 pm
Senior Member

Joined: Sun Mar 07, 2010 7:47 pm
Posts: 1970
Website: http://www.rwky.net
Location: Earth
That looks like the output from wget. Do you have any PHP scripts on your site or something similar? Check your access logs for what pages are being run at the same time as that's appearing in your error logs.



 Post subject: Access log
Posted: Wed Dec 07, 2011 11:12 pm
Newbie

Joined: Wed Dec 07, 2011 7:15 am
Posts: 2
I checked the Apache access log for the same date/time and found this:

Code:
mywebsite.ca:80 80.86.82.40 - - [06/Dec/2011:08:00:41 -0500] "GET /phpmyadmin2/scripts/setup.php HTTP/1.1" 200 14839 "-" "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Op$
mywebsite.ca:80 80.86.82.40 - - [06/Dec/2011:08:00:41 -0500] "GET /phpmyadmin2/scripts/setup.php HTTP/1.1" 200 14839 "-" "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Op$
mywebsite.ca:80 80.86.82.40 - - [06/Dec/2011:08:00:41 -0500] "GET /phpmyadmin2/scripts/setup.php HTTP/1.1" 200 14838 "-" "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Op$
mywebsite.ca:80 80.86.82.40 - - [06/Dec/2011:08:00:41 -0500] "GET /phpmyadmin2/scripts/setup.php HTTP/1.1" 200 14842 "-" "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Op$
AnotherWebsite.com:80 ::1 - - [06/Dec/2011:08:00:44 -0500] "OPTIONS * HTTP/1.0" 200 152 "-" "Apache/2.2.16 (Debian) (internal dummy connection)"
AnotherWebsite.com:80 ::1 - - [06/Dec/2011:08:00:45 -0500] "OPTIONS * HTTP/1.0" 200 152 "-" "Apache/2.2.16 (Debian) (internal dummy connection)"


I had already removed the phpmyadmin2 folder and also changed the privileges of wget so only root can run it.
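
The check suggested in the thread (match wget banners in the error log against the access log for the same seconds), as an added example that is not part of any poster's message. The log text is constructed sample data shaped like the snippets above; the function names, the 10-second window, and the assumption that both logs use the server's local time are choices made for this example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample data, shaped like the two snippets in the thread.
ERROR_LOG = """\
--2011-12-06 08:00:45--  http://files.example.test/perl
Resolving files.example.test... --2011-12-06 08:00:45--  http://files.example.test/perl
Resolving files.example.test... 203.0.113.9
Saving to: `perl.1'
"""
ACCESS_LOG = """\
site.example:80 198.51.100.7 - - [06/Dec/2011:07:58:02 -0500] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
site.example:80 203.0.113.40 - - [06/Dec/2011:08:00:41 -0500] "GET /phpmyadmin2/scripts/setup.php HTTP/1.1" 200 14839 "-" "Mozilla/4.0"
other.example:80 ::1 - - [06/Dec/2011:08:00:44 -0500] "OPTIONS * HTTP/1.0" 200 152 "-" "Apache/2.2.16 (Debian) (internal dummy connection)"
"""

# wget start banner; not anchored, because parallel wget runs interleave mid-line.
WGET_START = re.compile(r"--(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})--[ \t]+(\S+)")
# vhost:port client ident user [time zone] "method path proto" status
ACCESS = re.compile(r'^(\S+) (\S+) \S+ \S+ \[([^\] ]+) [^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')

def wget_fetches(error_log):
    """Distinct (timestamp, url) pairs for every wget banner in the error log."""
    return sorted({(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), url)
                   for ts, url in WGET_START.findall(error_log)})

def requests_before(access_log, when, window=timedelta(seconds=10)):
    """Requests logged within `window` before `when`, minus Apache's loopback pings."""
    hits = []
    for line in access_log.splitlines():
        m = ACCESS.match(line)
        if not m or "internal dummy connection" in line:
            continue
        vhost, client, stamp, method, path, status = m.groups()
        # Assumption: both logs use the server's local time, so the offset is dropped.
        t = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S")
        if timedelta(0) <= when - t <= window:
            hits.append((t, vhost, client, method, path, int(status)))
    return sorted(hits)

def correlate(error_log, access_log):
    """For each fetch seen in the error log, list the requests that preceded it."""
    return [(ts, url, requests_before(access_log, ts)) for ts, url in wget_fetches(error_log)]

if __name__ == "__main__":
    for ts, url, hits in correlate(ERROR_LOG, ACCESS_LOG):
        print(ts, url)
        for hit in hits:
            print("   ", *hit)
```

Widen `window` if the triggering request is slow to complete, since Apache writes the access log entry when the response finishes, not when the request arrives.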

