I love how instead of getting to the crux of the argument (ie. this thing is malware) his first point is about how the malicious code does not use unique function names that could possibly collide with other code.

damn geeks.

Most malware is written with hilariously bad coding style. I found it amusing that he claimed the fun_ prefix can be "used to denote a quantity is a function in some programming styles", despite this being irrelevant in PHP because function identifiers can never also be variables (all variables start with $).

if only malware writers would write better code! oh wait... :P

For the record, I got wind of the link from Matt Cutts' twitter feed.