Awstats Vulnerability

4 Feb

Looks like a nasty exploit for Awstats has been found and used.

Warning, a security hole was recently found in AWStats versions from 5.0 to 6.2 when AWStats is used as a CGI: A remote user can execute arbitrary commands on your server using permissions of your web server user (in most cases user “nobody”). If you use AWStats with another version or with option AllowToUpdateStatsFromBrowser to 0, you are safe. If not, it is highly recommended to update to 6.3 version that fixes this security hole.

AwStats Home

Use it? Get your host to upgrade as soon as possible.
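To check an install against the conditions in the warning above (version 5.0 to 6.2, used as a CGI, AllowToUpdateStatsFromBrowser not set to 0), here is a small added example; it is not code from this post or from the AWStats project. The function names, the sample config and the "review" result for a config that never sets the option are assumptions of the example.

```python
import re

# Affected range as stated in the warning: 5.0 through 6.2 inclusive.
AFFECTED_MIN, AFFECTED_MAX = (5, 0), (6, 2)
OPTION = "AllowToUpdateStatsFromBrowser"

# Constructed sample config, not taken from a real server.
SAMPLE_CONF = """\
# constructed example
SiteDomain="www.example.org"
AllowToUpdateStatsFromBrowser=1   # update link enabled
"""

def parse_version(text):
    """Return (major, minor) from a string such as '6.2' or '6.2 (build X)'."""
    m = re.match(r"\s*(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return int(m.group(1)), int(m.group(2))

def option_value(conf_text):
    """Return the last uncommented value of OPTION, or None if it is never set.

    Assumption of this example: a later line overrides an earlier one.
    """
    value = None
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0]            # drop comments
        key, sep, val = line.partition("=")
        if sep and key.strip() == OPTION:
            value = val.strip().strip('"')
    return value

def assess(version, conf_text, runs_as_cgi=True):
    """Classify one install using only the conditions given in the warning."""
    in_range = AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX
    if not in_range or not runs_as_cgi:
        return "not affected"
    value = option_value(conf_text)
    if value == "0":
        return "not affected"
    if value is None:
        return "review"      # option not set: confirm the effective value by hand
    return "affected"

if __name__ == "__main__":
    for ver in ("6.2", "6.3"):
        print(ver, assess(ver, SAMPLE_CONF))
```

Pass the version string your install reports and the text of each site config file; anything that comes back "affected" or "review" is a candidate for the 6.3 upgrade.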

2 Responses to “Awstats Vulnerability”

  1. Tom February 5, 2005 at 12:35 #

    I use the ultra cool Shortstat

    An example page of stats

  2. Kev February 6, 2005 at 10:07 #

    Yeah, I’ve thought about Shortstat before Tom and I do like the looks of it, it’s just not as comprehensive as Awstats.

    What I really want is a stats package that associates keywords with engines. Can’t find an easy to use one anywhere.
