I need to ask you for some assistance checking a code file for a malware/email spam problem.
My web host and their security partner identified the Total Security plugin as a malware problem in February 2014. The file identified as the problem is inc-popup.php, located in the modules folder. The problem with the file has been determined to be a email spam problem. There is code in the file that will allow a hacker to send email spam through the file.
I contacted Fabrix Doromo, Total Security plugin developer, to report the problem. He believes the identification of his plugin as a malware problem is a false positive. He says the inc-popup.php file is for displaying text in popup windows. I informed him about the email spam problem and I am waiting for his response.
Fabrix posted the code file for inc-popup.php at GitHub, so the code file can be checked to determine if there is a malware/email spam problem. I would like some assistance checking the code file. Can you check the code file or can you notify someone at WordPress to request their help? Also, who else should I contact to report the problem?
Also, do you know the code for a generic mailer/email?
Data:
1) File Path Data, and Generic Mailer data
/wp-content/plugins/total-security/modules/inc-popup.php
PHP-MAILER-GENERIC-md5-ji.UNOFFICIAL FOUND
2) URL for Code File for inc-popup.php posted at GitHub
https://gist.github.com/fabrix/10945076
3) WP Forum - Total Security plugin thread
http://wordpress.org/support/topic/total-security-plugin-is-a-malware-problem
4) Fabrix Doromo's website
http://www.fabrix.net