I had literally hundreds of these files in deeply nested directories. I ended up writing the verminator.php and the vermicide.php scripts that would recursively go through an entire website and remove those files and look for the offending .htaccess file and remove the bad stuff and delete the .htaccess file if nothing else was in it, Some of my .htaccess files had passwords and modrewrite and 404 redirects so my script left the important stuff in the .htaccess and put them back the way they were.

They were trying to hide thier tracks and did not deface the site. The hacker and I were literally playing cat and mouse on the server. he would delete the log file but I got a copy just befor he did so.

I wrote my own tracking script and he was using netscape 3 and his ip was from pakistan I then got hundreds of emails with viruses form pakistan, the next day hundreds more from egypt.

I saw your post and had to respond since no one really documented what it does