About a week ago WordPress announced that an attacker had gained access to 3 popular plugins (AddThis, W3 Total Cache and WPtouch) and made unauthorized changes to them by adding malicious backdoor code. This is very dangerous because installing the backdoored plugins can lead to the website being compromised by the attacker. Adam Harley, a contributor to WordPress core development, shows on his website what kind of malicious code was injected into the plugins. mtekk’s Crib also pointed out what the evil code does. Surprisingly, it takes only 1-2 lines to create a backdoor in a plugin…
During that time, I remembered that I had just updated W3 Total Cache to the latest version and wasn’t sure whether the installed version was clean or backdoored. Unfortunately WordPress doesn’t provide a way to easily reinstall a plugin, and the only way I can reinstall is to download the plugin to my computer and upload it via FTP, overwriting the files on the server. I was more curious to find out whether the installed W3 Total Cache contained the backdoor code, so I downloaded W3 Total Cache from my server to my computer, and then downloaded the real W3 Total Cache from the WordPress site for comparison.
There is a lot of folder comparison software with tons of settings, but all I need is a simple tool that doesn’t require installation and is able to compare all the files by file size or binary content. I found a pretty useful and lightweight folder comparison tool called TreeCompare.

All I need to do is specify the two folders that I want to compare, click the Options button to choose the compare criteria and finally click the Compare button. A result window will open showing the number of files and folders it has compared, together with the number of same/different files. The Binary Compare option is the best way to check for changes between two folders or files, but it takes more time.
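The same installed-versus-clean comparison as a script, added here as an example that is not part of the original post or of TreeCompare: it lists extra, missing and changed files, checking size first and a SHA-256 of the contents second. The folder names and file contents in `demo()` are constructed sample data.

```python
import hashlib
import os
import tempfile

def _files(root):
    """Map each file's path relative to root to its absolute path."""
    return {os.path.relpath(os.path.join(d, n), root).replace(os.sep, "/"): os.path.join(d, n)
            for d, _dirs, names in os.walk(root) for n in names}

def _sha256(path):
    """Hash a file in chunks so large files are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def compare_trees(installed, reference):
    """Return files that are extra, missing or changed in `installed`."""
    inst, ref = _files(installed), _files(reference)
    report = {"extra": sorted(set(inst) - set(ref)),
              "missing": sorted(set(ref) - set(inst)),
              "changed": []}
    for rel in sorted(set(inst) & set(ref)):
        # Size is the cheap first pass; the hash catches same-size edits.
        if (os.path.getsize(inst[rel]) != os.path.getsize(ref[rel])
                or _sha256(inst[rel]) != _sha256(ref[rel])):
            report["changed"].append(rel)
    return report

def demo():
    """Build two constructed plugin trees in a temp folder and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        trees = {
            "reference": {"plugin.php": b"<?php // v1\n", "lib/cache.php": b"<?php $a = 1;\n"},
            "installed": {"plugin.php": b"<?php // v1\n", "lib/cache.php": b"<?php $a = 2;\n",
                          "lib/extra.php": b"<?php\n"},
        }
        for tree, files in trees.items():
            for rel, data in files.items():
                path = os.path.join(tmp, tree, rel)
                os.makedirs(os.path.dirname(path), exist_ok=True)
                with open(path, "wb") as fh:
                    fh.write(data)
        return compare_trees(os.path.join(tmp, "installed"), os.path.join(tmp, "reference"))

if __name__ == "__main__":
    print(demo())
```

In the sample data `lib/cache.php` has the same size in both trees, so only the content hash flags it; a size-only comparison would report it as identical.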

TreeCompare is portable, small (only 50KB) and free. You will find two versions of TreeCompare, in the i386r (ANSI) and i386ur (Unicode) folders. If you are using Windows NT/2000/XP and above, both the Unicode and ANSI versions will work, but Unicode is supposed to work better. However, if you want to run TreeCompare on Windows 95/98/ME, you must use the ANSI version.
Fortunately this blog is safe from the backdoored plugin as I couldn’t find any difference using TreeCompare.