You would need to find out where the malicious thing is happening. The files are appearing in the data directory because it has 777 permissions, so I assume whatever attack is happening is scanning your server folders for directories to try and place files in.
If you're integrated with vB, then vB mods are the number one cause of this.
My data directories are 755 as per my host's policy, and it's a standalone, no integration, no mods. I'm assuming that the malicious files were uploaded somehow since they appeared in the data directories, but I haven't figured out how as yet.
You cannot upload a PHP file through our application, nor would they appear in every last directory, the same files over and over. Over the years here I know you have a vBulletin mod which has a security issue and is causing files to be uploaded to any directory it can find on the server which is uploadable to. Like years ago, Michael had the same exact issue you had, and he researched his issue and found it was some flashchat mod he was using on his site for vBulletin.
Basically you need to find out where your security hole is. We know it's not Photopost. We typecast all variables for security, and there is even code in our application that only allows image files to be uploaded, so you cannot rename some PHP file to an image name and upload it, or even upload a straight PHP file. You can try and see what I mean.
There is one common denominator with the few people who have reported this issue over the years. They all run vBulletin and they all have various vBulletin mods installed.
Well, I did not say you had vBulletin; I am only guessing here, since those are the only reports we have had, and I am summing up what was found out. I did not see a site link above, so I cannot tailor any response specifically to your site.
Anyway, to sum up what I have already said: the type of attack that I have seen over the years is this. A suspect program that has a security flaw allows a user to get in and scan your site folders for folders that are writable, and they drop in specific files that can assist them in trying to get full access. You will find these types of files in any directory on your server that is writable to it.
Aside from that, without lots more info, I cannot say more than that. Do you have any of these files? Have you checked your other directories?
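One way to check the other directories for the pattern described in this thread (the same files dropped into several upload folders) is sketched below. It is an added example, not part of the thread and not Photopost code; the extension list and the command-line path are assumptions.

```python
import hashlib
import os
import sys
from collections import defaultdict

# Assumption: the data tree should hold only images, so any script found there is suspect.
SCRIPT_EXTS = {".php", ".phtml", ".php5", ".phar"}  # assumed list, extend as needed
PHP_TAG = b"<?php"

def looks_like_script(path):
    """True for a script extension, or a PHP open tag in the first 4 KiB (heuristic)."""
    if os.path.splitext(path)[1].lower() in SCRIPT_EXTS:
        return True
    try:
        with open(path, "rb") as fh:
            return PHP_TAG in fh.read(4096)
    except OSError:
        return False

def sha256_of(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def scan(root):
    """Map sha256 -> [(path, mode of containing directory)] for suspect files under root."""
    found = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        dir_mode = oct(os.stat(dirpath).st_mode & 0o7777)
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # skip symlinks and special files
            if looks_like_script(path):
                try:
                    found[sha256_of(path)].append((path, dir_mode))
                except OSError:
                    found["unreadable"].append((path, dir_mode))
    return dict(found)

def repeated_drops(found):
    """Keep hashes present in more than one directory: the same file dropped repeatedly."""
    return {digest: hits for digest, hits in found.items()
            if len({os.path.dirname(p) for p, _ in hits}) > 1}

if __name__ == "__main__":
    # argv[1] is the data root to scan (hypothetical usage: python scan_drops.py <data-root>)
    for digest, hits in repeated_drops(scan(sys.argv[1])).items():
        print(digest)
        for path, mode in hits:
            print(f"  {path}  (dir mode {mode})")
```

The modification times of the flagged files give a window to search the web server access logs for the request that wrote them.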