>I'm wondering where this backdoored version of Joomla came from.

It probably was inserted using another vulnerability, and put there to hide it from site owners who were only looking for files that weren't there before.

Well - I'd go a bit further. Use of $gnu combined with the function name and location is also fairly clever in that a casual glance will just appear to be some gnu/gpl-related code in the copyright file -- not at all out of place.

It won't pass any real scrutiny, but it does help it to slip under the radar if someone isn't paying close attention.