• Resolved thegraphicscompany

    (@thegraphicscompany)


    Just ran a scan with Anti-Malware and it has flagged up two files as known threats. It’s the same file just one is the location in the header.php and the other is the actual file itself.

    In the theme header.php it’s this section: include "img/flickr.gif";

    And then the second flag is of course that flickr.gif file itself.

    These have never been flagged in my regular checks before and the last time the header.php was altered was April 2014.

    Looks to me like this is a false positive but would welcome a second opinion before I ignore it.

    Oh one thing I should mention. I downloaded the flickr.gif from the site but it would not open in any graphics program. Perhaps that is an indicator of something?

    I have since replaced the flickr.gif with one from another source, just in case!

    https://www.ads-software.com/plugins/gotmls/

Viewing 1 replies (of 1 total)
  • Plugin Author Eli

    (@scheeeli)

    This is probably NOT a false positive for two reasons:

    1. If you could not open the “flickr.gif” file with an image viewer then it is likely not a real image file; it probably contains malicious PHP code and is named “flickr.gif” to make you think it’s an image. Try opening this file with a text editor.

    2. If the path to this file was included in your header.php file as an include then it is definitely trying to execute the file as code instead of displaying it as an image.

    If the date on those files is throwing you off, you should know that hackers are able to fake the date modified of the files they alter so that it is harder to tell when it was actually hacked.

    Without seeing the full contents of these files I cannot say for sure that they are malicious, but the evidence you have given is certainly very suspicious. I would not write this off as a false positive.

    Let me know if I can be of further assistance in this matter. If you want to you can also email these files directly to me: eli AT gotmls DOT net

    Aloha!
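
The two signals discussed in this thread (a file with an image extension that is not an image, and a PHP file that passes an image path to include) can be checked across a theme directory with a short script. This is an added example, not part of the original thread or the plugin's code; the function names, the extension list and the sample files built by `build_sample` are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# Leading bytes a genuine file of each type must start with.
MAGIC = {".gif": (b"GIF87a", b"GIF89a"), ".png": (b"\x89PNG\r\n\x1a\n",),
         ".jpg": (b"\xff\xd8\xff",), ".jpeg": (b"\xff\xd8\xff",)}
PHP_TAG = re.compile(rb"<\?php", re.I)
# include/require (optionally _once) whose quoted argument ends in an image extension.
INCLUDE_IMG = re.compile(
    rb"\b(?:include|require)(?:_once)?\b[^;\n]*?[\"']([^\"']+\.(?:gif|png|jpe?g))[\"']", re.I)

def check_image(path):
    """Reasons a file with an image extension does not look like an image."""
    data = Path(path).read_bytes()
    reasons = []
    if not data.startswith(MAGIC[Path(path).suffix.lower()]):
        reasons.append("bad-magic")   # the file would not open in an image viewer
    if PHP_TAG.search(data):
        reasons.append("php-tag")     # also catches a valid image header followed by PHP
    return reasons

def included_images(path):
    """Image paths that a PHP file hands to include/require."""
    return [m.group(1).decode() for m in INCLUDE_IMG.finditer(Path(path).read_bytes())]

def scan(root):
    """Walk a theme directory and return {relative path: findings}."""
    root, report = Path(root), {}
    for p in sorted(q for q in root.rglob("*") if q.is_file()):
        ext = p.suffix.lower()
        found = []
        if ext in MAGIC:
            found = check_image(p)
        elif ext == ".php":
            found = ["includes " + i for i in included_images(p)]
        if found:
            report[p.relative_to(root).as_posix()] = found
    return report

def build_sample(root):
    """Constructed files mirroring the thread: header.php, a fake GIF, a real GIF header."""
    root = Path(root)
    (root / "img").mkdir()
    (root / "header.php").write_bytes(b'<?php include "img/flickr.gif"; ?>\n<img src="img/logo.gif">\n')
    (root / "img" / "flickr.gif").write_bytes(b"<?php /* placeholder: not an image */ ?>")
    (root / "img" / "logo.gif").write_bytes(b"GIF89a\x01\x00\x01\x00\x00\x00\x00;")
```

The checks read file contents only and ignore modification dates, since those can be altered. A hit is a reason to open the file in a text editor, not proof that it is malicious.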

  • The topic ‘include "img/flickr.gif"; Malware?’ is closed to new replies.