As discovered last week, a variant of the original is now infecting Windows machines. The CNC is on another site which is hosting a http:/..../getsetup.exe and then this spawns 2 versions of getsetup.exe
The site mentioned in the Anubis report is carrying the payload and delivering a executable which then installs the 2 windows services.
It's worth mentioning at this point that the CNC and domains are all listed here are present in the Windows version too, an initial query to the following dns.dsaj2a.com is made, i did not observe any further operations.
Here is my Cuckoo analysis - which shows the infection.
Thanks to @malwaremustdie for their original investigations on the Linux variant.