Risk: plugin contain CPRBD72.Webshell

This topic has 3 replies, 3 voices, and was last updated 7 years, 8 months ago by s dw.

Viewing 4 posts - 1 through 4 (of 4 total)

Author

Posts
December 1, 2016 at 3:39 pm #18196

Zaki Sp
Participant

I just scanned the plugin : The WPMU DEV Google Maps Plugin

i found : CPRBD72.Webshell in the plugins

What does this mean?

December 1, 2016 at 4:47 pm #18197

7h3h
Keymaster

It first of all means that you most likely used virustotal.com, which is a great online service providing antivirus analysis routines from 54 different antivirus routines. 53 show a green checkmark (no known viruses or malware found) and only Bkav says “CPRBD72.Webshell”…

Now this either means that Bkav is the only one who was able to detect this webshell and the others failed or Bkav gave a false positive.

When you do some research on Google about “Bkav Antivirus” you will learn that they have specialized on Android…

Looks pretty much like a false positive, huh?

Why does Bkav do this? When you examine the .php file of which Bkav thinks that it contains the webshell, you will find some BASE64 code, which is contains the WPMUDEV logo. Using BASE64 Code in php is a a very ugly thing to do but unfortunately what WPMUDEV does and what most likely triggers the false positive.

December 1, 2016 at 5:04 pm #18198

Zaki Sp
Participant

Thank you for the quick reply and the explanation! I understand

I even i downloaded the free version from WPMUDEV website and scanned it Bkav detect a webshell in in it even it’s from official developer website

Thank you very much!

July 17, 2017 at 6:29 pm #19153

s dw
Participant

to be safe remove the base64 code and replace with your own logo.
Author

Posts

Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.

Most of the WordPress Plugins & Themes in the GPLDL repository are available for free download - yes, free! - that is even better than buying at a discount, rebate, promotion or with a coupon code.

After signing up for a free membership, you will instantly get a download link to GPLDL's WordPress plugins and themes including future updates.

Where is the catch? There is none. We re-distribute 100% exact copies of GPL-licensedWordPress items, completely unmodified - that means *not* nulled, cracked or otherwise modified code without any serial numbers, API keys or support.

How can you help? If you like our service, please spread the word. If you can afford to financially support us, please make a donation. All donations will be used for (recurring) subscriptions of WordPress plugins & themes and to grow the catalog!