Hackers can hide WP plugins at JPEG images, as explained on this website: http://ocaoimh.ie/2008/06/08/did-your-wordpress-site-get-hacked/ ... see the end of the section with subtitle "Hidden Code".
I'm not sure if the current version of WP is still susceptible to this hack, but I have found suspicious JPEG images on my own server in the same folder with known hacker script files. (The JPEG images were suspect because (a) they shouldn't have been there, and (b) they wouldn't open with an image viewer. So most likely there were code.)
It would be nice if your scanner could identify such files.