Wordfence update on WP-VCD

WP-VCD is still infecting more new sites per week than any other active malware campaign. Even after publishing a paper on the campaign, Wordfence has yet to identify any meaningful change in the rate of new infections.

And an excellent tip on monitoring your website:

Periodically visit your sites from new devices and locations without logging into them. WP-VCD’s malvertising code attempts to hide itself from administrators by storing a cookie on their device and logging the IP address they connected from. That way, even if the admin logs out, it can still hide until they clear their cookies and connect from a new IP address. This technique is not unique to WP-VCD, and can be useful in identifying other malicious activity that would have otherwise gone unnoticed.

Leave a Reply

Your email address will not be published. Required fields are marked *