WP-VCD Malware Reattack on your WordPress site

November 9, 2019 siwelke

WP-VCD is malware that creates backdoors in your website by adding hidden WordPress admin users or a backdoor account with the name 100010010. This gives the attackers full access to your site and lets them maintain a persistent foothold on infected sites.

Thorough research by Wordfence found that the rate of WP-VCD attacks has been on the rise since August 2019.

WP-VCD has been around since at least February 2017, becoming more and more prevalent over the course of that year.

Wordfence says WP-VCD is today’s top hacking group on the WordPress landscape.

The attackers' sole intention is monetization, which comes from two main sources:

  • viral marketing activity intended to manipulate search engine results
  • malvertising code which creates potentially dangerous redirects and pop-up ads for users on a compromised site.

How it spreads

  • Using outdated WordPress plugins & themes for your site.
  • Downloading and installing free pirated premium WordPress themes.
  • Downloading and installing free crafty plugins.
  • Not using any firewall or security option for your site.

Symptoms of an infected site

  1. A new user with administrator privileges is added to your site without your knowledge.
  2. Potentially dangerous redirects and pop-up ads for users viewing your site.
  3. Unknown PHP files in the wp-includes folder which are not in the WordPress GitHub repository.
  4. PHP files in the wp-content/uploads directory and its subdirectories.
  5. SEO spam: spammed search results.
  6. Suspension of your hosting account to prevent the spread of the malware to other users of your hosting company.

Fixing and prevention of the problem

  1. Wordfence is a security plugin that can fix this problem for you in both its free and premium versions.
  2. Manually search your server for the files that are usually targeted by WP-VCD, i.e. those in the wp-content/uploads and wp-includes folders, and delete the infected files if found.
  3. Install a Web Application Firewall (WAF) to block re-infection attempts.
  4. Delete unused WordPress themes and plugins (even if disabled).
  5. Completely avoid pirated themes and remove any that are on your website.
  6. Update WordPress core, plugins and themes.
  7. Delete suspicious users in your account.
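
One way to carry out the manual search in step 2, as an added example that is not from the original article or from Wordfence: the script lists PHP files under wp-content/uploads and PHP files in wp-includes that are missing from a clean copy of the same WordPress version. Going slightly beyond the symptoms listed above, it also flags wp-includes files whose content differs from the clean copy. The function name, the extension list and the clean-copy directory are assumptions; the script only reports and deletes nothing.

```python
import hashlib
import sys
from pathlib import Path

# Extensions treated as PHP (an assumption; adjust to your server's handler config).
PHP_SUFFIXES = {".php", ".phtml", ".php5", ".php7", ".phar"}

def _php_files(root: Path):
    """Yield (relative posix path, absolute path) for every PHP file under root."""
    if not root.is_dir():
        return
    for p in sorted(root.rglob("*")):
        if p.is_file() and p.suffix.lower() in PHP_SUFFIXES:
            yield p.relative_to(root).as_posix(), p

def _sha256(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def scan_wordpress(site_root, clean_root):
    """Compare a live site against a clean WordPress tree of the same version."""
    site, clean = Path(site_root), Path(clean_root)
    report = {"uploads_php": [], "unknown_includes": [], "modified_includes": []}
    # Symptom 4: the uploads directory should hold media, not PHP.
    for rel, _ in _php_files(site / "wp-content" / "uploads"):
        report["uploads_php"].append("wp-content/uploads/" + rel)
    # Symptom 3: PHP files in wp-includes that the official release does not ship.
    for rel, path in _php_files(site / "wp-includes"):
        reference = clean / "wp-includes" / rel
        if not reference.is_file():
            report["unknown_includes"].append("wp-includes/" + rel)
        elif _sha256(path) != _sha256(reference):
            # Added check: core file present but altered.
            report["modified_includes"].append("wp-includes/" + rel)
    return report

if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: scan.py <site_root> <clean_wordpress_root>")
    for kind, paths in scan_wordpress(sys.argv[1], sys.argv[2]).items():
        for rel in paths:
            print(f"{kind}\t{rel}")
```

Review every reported file before deleting it, and restore modified core files from the clean copy rather than editing them by hand.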

Download and read the official whitepaper by Wordfence on this issue below.
