When visiting the home page of my wife’s website today, IE notified me that the site wanted to download a file. I decided to see what it was and where it was coming from. The file was imdb-video-movies-trailers.zip and was being served from downloads.www.ads-software.com. I checked and saw that this was the filename for the Cinemabase plugin.

I decided to continue with the download, which my antivirus deemed to be clean. I unzipped it and saw it contained a php file and a readme file. They appeared to be legitimate (not that I am any kind of expert on php hacks).

My questions are: does WordPress (the company) ever serve up these kind of file downloads to WordPress users?

If not, then has my wife’s site been hacked? (It comes up clean on Google and other web diagnostics.) What would have to be put on the site for it to offer file downloads to someone hitting the main landing page?

Any help in understanding this would be appreciated.

A

https://www.ads-software.com/extend/plugins/imdb-video-movie-trailers/