Plugins seen as a malware (quttera.com)

  • shaphiro

    (@shaphiro)


    9 years, 1 month ago

    Hi all,

    recently my site has been marked as malware due to this plugin from quttera.com

    File:
    /wp-content/plugins/ajax-search-lite/js/min/jquery.ajaxsearchlite.min.js?ver=4.7.3

    Reason: Detected procedure that is commonly used in suspicious activity.

    Details: Too low entropy detected in string [[‘#mCSBap_,#mCSBap__container,#mCSBap__container_wrapper,.mCSBap__scrollbar .,#mCSBap__dragger_vertica’]] of length 110 which may point to obfuscation or shellcode.

    Any idea?

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author wpdreams

    (@wpdreams)

    9 years, 1 month ago

    Hi,

    That is the minified version of the plugin main files, namely that line refers to the scrollbar script. Minified by microsoft ajaxmin into one single file.

    It is definitely a false positive, as it is clearly seen in the marked code that it’s an array of strings of the scrollbar HTML identifiers and classes – not an obfuscated code, nor a shell script.

    3001web

    (@2001web)

    8 years, 11 months ago

    moved to new thread

    quttera

    (@quttera)

    8 years, 11 months ago

    Thank you for reporting this issue.

    Please send list of all effected domains to support[at]quttera.com and our malware research team will investigate it and remove the warning.

    [ Signature deleted ]

    • This reply was modified 7 years, 11 months ago by Jan Dembowski.
Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Plugins seen as a malware (quttera.com)’ is closed to new replies.