Why do you have to dog on the post? I've ran into malware attacks in the past, and none of the things I've seen on the net caution you to look for pre_replace instances gone wrong. eval(), base_64_decode() and the like get all the press.