WP-VCD backdoor grinds your WordPress business to a halt
WP-VCD is a backdoor that operates on your website and can cause real harm. The main attack vector is WordPress themes: the backdoor hides in cracked WP themes you may get from unofficial sources. That means you yourself can be the reason your website is under attack, just because you uploaded one of these hacked unofficial themes to your WordPress site on your own 🙂
Actions:
– WP-VCD usually infects all themes on your WordPress website. If there are other (non-isolated) WordPress sites nearby on your host, they can also be infected;
– a site administrator account can be created for an attacker automatically;
– illegal links and redirects are injected into the pages of the site;
– illegal content substitution on the site is also possible;
– the site becomes a member of a botnet (spamming / DDoS attacks).
Harm:
– visitors can be redirected to other sites (phishing or malicious);
– visitors may also be faced with pop-up banners;
– if the site is used by an attacker as part of a botnet, the resources consumed by the site increase and the site begins to render pages slowly.
As a consequence of all of the above: the site loses its search position and customer trust, which is critical for your business.
The signs:
– the general sign of the backdoor is the presence of a class.plugin-modules.php or class.theme-modules.php file in the plugin / theme that the user installs on their site. This file initiates the infection of the entire site when the theme / plugin is installed from a third-party source;
– wp-temp.php and wp-vcd.php files appear in the wp-includes/ folder;
– a malicious insert appears in the functions.php file of the site’s themes;
– also, the WP-VCD connection code is embedded into the native WordPress file wp-includes/post.php.
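
The following Python example is added here and is not Virusdie's own code: it walks a WordPress root and reports the file-based signs listed above. The indicator labels, the function names and the sample tree are constructed for illustration, and the post.php check assumes the embedded code mentions one of the dropped file names.

```python
import tempfile
from pathlib import Path

# File names taken from the signs listed on this page.
DROPPER_NAMES = {"class.plugin-modules.php", "class.theme-modules.php"}
INCLUDES_NAMES = {"wp-temp.php", "wp-vcd.php"}


def scan_wordpress(root):
    """Return sorted (indicator, relative_path) pairs found under a WordPress root."""
    root = Path(root)
    findings = []
    # Dropper file shipped inside any installed plugin or theme.
    for path in (root / "wp-content").rglob("*.php"):
        if path.is_file() and path.name in DROPPER_NAMES:
            findings.append(("dropper", path.relative_to(root).as_posix()))
    # Files that appear in wp-includes/ after infection.
    includes = root / "wp-includes"
    for name in INCLUDES_NAMES:
        if (includes / name).is_file():
            findings.append(("dropped-file", f"wp-includes/{name}"))
    # Assumption: the code embedded in post.php names one of those files.
    post_php = includes / "post.php"
    if post_php.is_file():
        text = post_php.read_text(encoding="utf-8", errors="replace")
        if any(name in text for name in INCLUDES_NAMES):
            findings.append(("post.php-reference", "wp-includes/post.php"))
    return sorted(findings)


def build_sample_site(base):
    """Create a constructed, inert directory tree that mimics the signs."""
    layout = {
        "wp-includes/post.php": "<?php // constructed sample, mentions wp-vcd.php\n",
        "wp-includes/wp-vcd.php": "<?php // constructed placeholder\n",
        "wp-content/themes/nulled-theme/class.theme-modules.php": "<?php // placeholder\n",
        "wp-content/themes/clean-theme/functions.php": "<?php // clean\n",
    }
    for rel, body in layout.items():
        path = Path(base) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(body, encoding="utf-8")
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for indicator, rel_path in scan_wordpress(build_sample_site(tmp)):
            print(f"{indicator}: {rel_path}")
```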
How to fix:
– malicious code injections and malicious WP-VCD files can be deleted automatically by Virusdie;
– you also need to check your WordPress for extraneous accounts with administrator permissions;
– since the site was under the control of an attacker for some time, additional backdoors, mailers, etc., other than WP-VCD, might also appear. We do our best to find and remove all of those automatically too;
– furthermore, we recommend that you install WordPress themes and plugins from official sources.