WordPress.org

Ready to get started?Download WordPress

Forums

Possible Virus in WP125 Plugin? (2 posts)

  1. winrid
    Member
    Posted 2 years ago #

    My client is running the plugin WP125 on his site, and in Chrome's console I notice the following:

    Resource interpreted as Image but transferred with MIME type text/plain: "http://l.betrad.com/ct/0_0_0_0_0_8366/us/0/1/0/0/0/0/1/242/141/0/pixel.gif?v=705&ttid=2&d=a.rfihub.com&m=5&r=15713".

    Where l.betrad.com is listed here...

    http://support.clean-mx.de/clean-mx/viruses.php?sort=firstseen%20desc&domain=l.betrad.com

    XHTML block that the code is referenced from:
    http://cloudtimes.org/wp-content/uploads/virus.txt

    Anybody else having this occur? The plugin looks legit and infected at the same time.. I cannot find any reference to the URL in the plugin's code, which suggests the programmer is trying to hide it. Or, could I be wrong and betrad.com is just used for handling data? Because...

    http://c.betrad.com/a/n/141/8366.js?r=0.3383105001412332

    Looks extremely legit.

    HELP! :(

  2. esmi
    Forum Moderator
    Posted 2 years ago #

Topic Closed

This topic has been closed to new replies.

About this Topic