Submitted via IRC for soylent_red
WordPress Admins Infect Their Sites With WP-VCD via Pirated Plugins
WordPress sites have been the target of a highly active malicious campaign that infects them with a malware dubbed WP-VCD that hides in plain sight and quickly spreads to the entire website.
The group of hackers behind it has also made sure that their malicious payload is very hard to get rid of once it manages to compromise a site. To make things worse, the malware is also designed to scan its way through the hosting server and infect any other WordPress sites it finds.
WP-VCD is spread by the most active malicious campaign impacting WordPress sites as of late, with the Wordfence threat intelligence team that took a closer look at it associating "individual WP-VCD malware samples with a higher rate of new infections than any other WordPress malware since August 2019."
The malware is also "installed on more new sites per week than any other malware in recent months" and "the campaign shows no signs of slowing down."
This is quite remarkable given that the malware has been doing the rounds for more than two years, with the first publicly reported case of a WP-VCD infection going as far back as February 2017, and users reporting infections and asking for advice on how to get rid of them on the WordPress Support forum [1, 2, 3, 4, 5] and in various other places on the Internet. [1, 2, 3]
(Score: 4, Informative) by zemm on Friday November 08 2019, @01:42PM (3 children)
Don't miss this detail: That "in the case of WP-VCD the webmasters are the ones who spread the infection to their websites. This happens because the malware is disseminated using pirated (also known as nulled) copies of WordPress themes and plugins"
WordPress security is not perfect but it's not as bad as is sometimes assumed; often it's bad practices by the people responsible for the website that cause issues. In this case, the webmasters are infecting their own sites by downloading and installing illegitimate versions of normally paid plugins from shady sites that have been modified to include malware.
(Score: 1, Touché) by Anonymous Coward on Friday November 08 2019, @02:26PM (1 child)
But. But. Software *wants* to be free.
(Score: 4, Insightful) by barbara hudson on Friday November 08 2019, @03:21PM
SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
(Score: 2) by loonycyborg on Friday November 08 2019, @04:27PM
You can easily roll out a site using open source or at least free-as-beer software, so no idea why people would ever reach for paid stuff, pirated or otherwise. This is also a question of business model. The only actual effort here is involved in maintaining the site, and people maintaining their own sites generally doesn't lead to more effort for upstream plugin developers. Or at least that effort doesn't scale with the number of users who use it. So upstream devs getting paid in proportion to the number of users makes no sense.