Why you shouldn't download WordPress themes and plugins from non-trusted websites

WordPress themes and plugins might seem harmless, and in particular an unlikely vehicle for spreading trojans and malware, since they consist mostly of text files (PHP, JavaScript, CSS, HTML, etc.) and images. But that assumption would be wrong.

Recently, during a boot-time scan of my system using Avast, some files were identified as infected with malware and trojans. The most striking part of this was that the footer.php file of a WordPress theme was detected as being infected by a Trojan (PHP:Agent-FQ [Trj])! The same theme was installed across 2 local WordPress installations, and the footer.php file was infected in both places.

The theme files were flagged as infected because of base64-encoded text present in them. This does not mean that all encrypted or encoded text is malicious. Some free themes keep the license/copyright information and the creator's details (name, link, etc.) as base64-encoded text in the footer, together with some required HTML and PHP code, so that removing the copyright notice becomes difficult. But this is not the case every time.
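A practical way to tell the two cases apart is to find every long base64 run in a theme file, decode it, and look at what it actually contains: a copyright notice decodes to plain HTML, while an obfuscated loader decodes to PHP that calls eval(), base64_decode() and friends, often several layers deep. The scanner below is an added example written for this post; it is not code from the post, from Avast or from Theme Lab. The two footer snippets, the 40-character length threshold and the watch-list of PHP constructs are constructed assumptions for the example, and the result labels (clean, encoded-review, suspicious) are this example's own.

```python
import base64
import binascii
import re
import sys

# Runs of base64 characters at least 40 long. Shorter runs are mostly
# ordinary identifiers or hashes rather than an embedded payload
# (constructed threshold for this example).
B64_RE = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")

# PHP constructs that have no business inside a theme's static footer but
# are typical of obfuscated loaders (constructed watch-list, not exhaustive).
SUSPICIOUS = (
    "eval(", "assert(", "base64_decode(", "gzinflate(", "gzuncompress(",
    "str_rot13(", "system(", "shell_exec(", "exec(", "passthru(",
    "create_function(", "$_POST", "$_GET", "$_REQUEST", "$_COOKIE",
)


def decode_b64(blob):
    """Decode one base64 run; return text, or None if the run is not valid
    base64 or does not decode to mostly printable text (e.g. image data)."""
    stripped = blob.rstrip("=")
    padded = stripped + "=" * (-len(stripped) % 4)
    try:
        raw = base64.b64decode(padded, validate=True)
    except (binascii.Error, ValueError):
        return None
    text = raw.decode("utf-8", errors="replace")
    printable = sum(ch.isprintable() or ch.isspace() for ch in text)
    if not text or printable / len(text) < 0.9:
        return None
    return text


def scan_php(source, depth=0, max_depth=3):
    """Return one finding per decodable base64 run in `source`, following
    nested encodings (base64 inside base64) up to `max_depth` layers."""
    findings = []
    for match in B64_RE.finditer(source):
        decoded = decode_b64(match.group(0))
        if decoded is None:
            continue
        hits = [term for term in SUSPICIOUS if term in decoded]
        findings.append({"depth": depth, "decoded": decoded, "hits": hits})
        if depth < max_depth:
            findings.extend(scan_php(decoded, depth + 1, max_depth))
    return findings


def verdict(source):
    """clean: no encoded blobs; encoded-review: blobs decode to something
    harmless-looking (verify by eye); suspicious: a decoded layer calls
    code-execution or decoding functions or reads request input."""
    findings = scan_php(source)
    if not findings:
        return "clean"
    if any(f["hits"] for f in findings):
        return "suspicious"
    return "encoded-review"


def _b64(text):
    return base64.b64encode(text.encode()).decode()


# Constructed sample 1: the legitimate pattern the post describes, a
# copyright notice base64-encoded so it is awkward to strip.
BENIGN_FOOTER = (
    "</div>\n<?php echo base64_decode('"
    + _b64('<p>Theme by Example Studio. '
           '<a href="http://example.invalid/">Example Studio</a></p>')
    + "'); ?>\n</body></html>"
)

# Constructed sample 2: a two-layer loader. The outer blob decodes to PHP
# that eval()s a second base64 blob, which here is only a placeholder string.
SUSPICIOUS_FOOTER = (
    "</div>\n<?php eval(base64_decode('"
    + _b64("<?php eval(base64_decode('"
           + _b64("PLACEHOLDER: payload text removed for this example")
           + "')); ?>")
    + "')); ?>\n</body></html>"
)


if __name__ == "__main__":
    # Usage: python scan_theme.py footer.php other.php ...
    for path in sys.argv[1:] or []:
        with open(path, encoding="utf-8", errors="replace") as fh:
            src = fh.read()
        print(path, verdict(src))
        for f in scan_php(src):
            print("  depth", f["depth"], "hits", f["hits"],
                  "decoded:", f["decoded"][:80].replace("\n", " "))
```

The benign footer is reported as encoded-review rather than clean on purpose: the scanner only tells you that something is hidden and what it decodes to, and the decision that a copyright notice is acceptable stays with the person reviewing the theme. The suspicious sample is caught at the first layer because the decoded text itself calls eval() and base64_decode(); the recursion then surfaces the second layer so the reviewer sees the whole chain instead of just the outer wrapper.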

Leland Fiegel has written a very good article over at Theme Lab which also discusses some measures to check themes with encrypted or encoded code if their use cannot be avoided.

Apart from WordPress, this advice applies to any text/ASCII file in general that contains encoded or encrypted text.
