It's not a "coding mistake". It's a pragmatic compromise. Changing the read-only file attributes on a file would trip most anti-malware/virus systems. These people may be bad, but they're not stupid. And let us not forget the original provenance of the exploit itself.
They're not stupid, either.