
WP-VCD

Posted: November 5, 2019

WP-VCD is a threat actor that specializes in compromising WordPress sites. Its attacks use both server-based propagation and unsafe downloads with themes relevant to WordPress owners. Website admins should monitor their site code for potentially harmful modifications, especially ones made for advertising, and let anti-malware services with website analysis features remove WP-VCD's content automatically.

WordPress Search Engine Optimizing Put to the Worst Uses

The worst of all possible uses for SEO, or search engine optimization, forms the crowning strategy and strength of WP-VCD, a threat actor defined by their website-hacking operations. Although reports of Joomla-related incidents from WP-VCD go back to 2013, over the past few years, most attacks involve highly-specific social engineering exploits for WordPress. As usual, most of WP-VCD's victims have only themselves to blame for the consequences of pushing their Web-browsing habits beyond safe boundaries.

WP-VCD's botnet – a decentralized network of compromised WordPress websites – uses keyword-optimized Google search results to promote 'free,' pirated versions of premium WordPress themes and other add-ons. After the webmaster installs the unsafe content, it compromises all of the site's other themes, as well as the underlying server. The latter is something that malware experts view as especially concerning, since it endangers responsible administrators who aren't downloading the themes but are virtual 'neighbors' with someone who is.

WP-VCD's underlying motive is, as is almost always the case, making money. Compromised websites host advertisements that may or may not deliver additional threats for the campaigns of other threat actors. One possible use is embedding a redirect to an Exploit Kit, which could drive-by-download another payload through JavaScript or Flash. Other advertisements might be harmless but still generate revenue for WP-VCD.

Pressing WP-VCD Out of the Website-Hacking Business

Even if the content they're looking for is purely cosmetic, website administrators always should procure their add-ons from authentic and trustworthy sources, rather than taking significant security risks by pirating products. Users can protect themselves additionally by scanning any downloads with appropriate security products before using them. Various anti-malware solutions also provide analysis for site code and can identify questionably-included content through such metrics as blacklisted URLs and vulnerability exploits.

Unfortunately, users who are compromised through an affected server will have to take similarly proactive measures, even if they haven't downloaded any themes or unsafe content of their own accord. This issue should only impact sites on a shared hosting environment, and WP-VCD has no known cross-server propagation capabilities besides the previously noted downloads.

While WP-VCD's longevity is impressive, its newfound SEO success in the latest months of 2019 is equally so. Its campaign and botnet rank as the top threats for WordPress sites, and administrators should depend on competent anti-malware solutions for removing WP-VCD elements before any more infections occur.

As competent as WP-VCD might be, malware researchers continue pressing on the point of self-endangerment that their victims incur. Psychological trickery requiring the victim to break the law is, no matter how competent, never just the fault of the con artist.
