After some extensive reading and working through an older version of EXIM mail daemon which is commonly used in cPanel, it would appear there is a nasty bug in an older version of EXIM.

READ MORE ABOUT THE EXIM eXploit

You will need to patch any older versions NOW or simply upgrade. There is a worm going around eXploiting the EXIM versions. If you have any issues or need help, I am here to assist. https://tickets.linuxgu.com/open.php – Submit a ticket and I get e-mailed directly.