Backdoor:JPEG/ImageMagic.7595

Resolved

(@sahuaro007)

******************************************************
The issue type is: Backdoor:JPEG/ImageMagic.7595
Description: Executable code masquerading as an image.
******************************************************

Is this a false positive? 

How a user can execute code in a JPG file?

Where can I read more about this backdoor?

Thanks in advance!

Viewing 5 replies - 1 through 5 (of 5 total)

Plugin Support WFAdam
(@wfadam)

4 years, 11 months ago

Hello @sahuaro007 and thanks for reaching out to us!

Do you recognize this image or is this an unknown file?

If you have access to file contents, you could look if it contains <?php likely followed by PHP code, which would mean it is malicious.

If you want me to look into it further, you can send the image to wftest @ wordfence . com with subject “sahuaro007 for WFADAM”. Let me know if you do send something as I don’t monitor that email.

Thanks again!

Thread Starter sahuaro007
(@sahuaro007)

4 years, 11 months ago

Hi @wfadam

I did send you an email with 4 images, 2 suspicious and 2 screenshots.

Thanks!

Thread Starter sahuaro007
(@sahuaro007)

4 years, 11 months ago

Hello WFAdam,

Did you receive my email?

thanks!

Plugin Support WFAdam
(@wfadam)

4 years, 11 months ago

I did! Sorry for the delayed response but we had a long weekend with the holiday.

I had our Threat Intel team look into this issue and they deemed it a false positive. They actually uploaded the code found in these images to our database to be excluded from scans in the future. Since free users don’t get the newest rules right away, you can just click “Ignore” on these scan results.

Thanks for sending those in!

Thread Starter sahuaro007
(@sahuaro007)

4 years, 11 months ago

Hi Adam,

I will ignore this result.

Thanks for your help!

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘Backdoor:JPEG/ImageMagic.7595’ is closed to new replies.

Tags