I’ve seen Bkav VEX.Webshell twice now with downloads from originating plugin creators.
Not installing until we get some answers.
Plugin Author
YoFLA
(@yofla)
Hello, thanks for notifying me on this!
I run also the shell plugin scanner on the recent version of file and the result was “safe”: http://www.shelldetector.com/file/c7912adb6b335235f25448ee0e63df431103a2a49fcfd972bd7bf97559f39806
Here is the source code of that file:
https://plugins.svn.ww.wp.xz.cn/360-product-rotation/tags/1.3.6/includes/yofla_3drt/lib/yofla/Rotate_Tool.php
I will let you know if I find any possible vulernablity in this file.
Hello,
Can you let me know the file?
Is it some executable ELF file, perl file, and php file?
I’m also try to scan some file in virustotal.com and it has a result VEX.Webshell.
I am scanning it because it is the file which i have been found in some incident. It actually webshell that bruteforce so many wp-login.php.
The risk is not actually high, but it can cause your server to be blacklisted because the report that come.
I checked
and found the line
....
*
* TLDR: <?php echo Rotate_Tool::get_iframe('jewels/neck/jewel-03');?>
*
....
If the line is deleted
antivirus does not find the virus
http://www.shelldetector.com/file/07ddcf8dab891a766b03343a1bdc8e77e833f144c5cb52f7c15871152b150a32
all OK ))) Why ??
-
This reply was modified 7 years, 2 months ago by
kolshix.
-
This reply was modified 7 years, 2 months ago by kolshix.
-
This reply was modified 7 years, 2 months ago by kolshix.
