It is infected with a redirect to a malware site. WordPress should take it down.
mrivera915 – be VERY specific.
And email this to [email protected]
stevema – there have been no other reports about this plugin.
It is perfectly possible that something else on the server has written to that file.
I need the information from mrivera915 which I hope is emailed.
Sorry – I must have missed the word ‘email‘ from my reply.
I found this, closed the plugin and will fix.
Why did you remove my comment?
Because giving any security related information is something we do not encourage. It can cause more problems and generally solves none. This is why we ask that all security related issues are sent to [email protected]
One of the core contributors has checked it out. 2 others will shortly.
The .static files are not executed.
The site that is in those files has been compromised, not the plugin itself. If you check the warning from google you can see that something happened on 27 January. So that site has the problem and they will be informed.
The plugin remains removed until the other site is fixed. In the meantime just delete that plugin from within the Plugins page or using FTP if you wish but right now we have no reason to believe it is bad.
Thank you for support. I am glad you guys know what you are doing! I don’t know if this is any help but about 4 months ago I got a virus infection which was similar although it did not direct to the same malware site. I never found the source of it but I wonder if it came through the same plugin?
Hello,
This plugin does not install a virus on your site unless your server will execute .static files. The .static files are used to remove the virii from your server. If you get a new virii you can make your own .static files in the same folder and run the scanner to clean the virus off of your site. If you are truly paranoid you can use .htaccess to block access to any .static files.
Best Regards,
Ralph Ritoch
I will be filing a complaint against bluehost as their defamation of this plugin has lead to WordPress discontinuing this plugin. Even WordPress doesn’t understand that the plugin cannot harm a web site and that the files in question are REQUIRED to delete the associated VIRII and Threats.
Here is the proof that the static files are NOT a security risk. If they were than simply going to the following link would infect my own web sites.
http://www.ralphndiaritoch.info/wp-content/plugins/web-security-tools/phpwebsectools/modules/virus_clean/definitions/sm3wv8.static
As you can see they are displayed as harmless text files with no risk to the web browser or the server!!!
