Tech

WordPress botnet deploys anti-adblocker script to make sure its spammy ads are profitable

WP-VCD botnet operators are having the same problems all site operators are having: Ad blockers!

Written by Catalin Cimpanu, Contributor Feb. 19, 2020 at 9:39 a.m. PT

techrepublic cheat sheet

How to become a developer: Salaries, skills, and the best languages to learn

The threat actor behind the internet's largest WordPress botnet is using an anti-adblocker script to make sure the ads they inject on hacked sites are showing up in users' browsers and generating a profit.

The botnet is named WP-VCD and has been active since early 2017.

ZDNet covered the botnet's modus operandi in a previous and more expansive article in November 2019. To summarize, the WP-VCD gang runs a network of "free download" sites where they share pirated commercial WordPress themes.

Unbeknownst to the users who download these pirated themes is that they hide a backdoor that allows the WP-VCD gang to hijack websites.

The WP-VCD gang uses the hijacked sites to redirect incoming visitors to malicious sites that host phishing pages or malware-laced files.

WP-VCD gang makes money by injecting ads on hacked sites

But the WP-VCD gang also injects ads into these hacked websites in order to generate revenue via pay-per-impression or pay-per-click advertising schemes.

With various studies estimating the global ad-blocker usage rates somewhere between 30% and 45% of all internet users, users who use an ad blocker and visit the WP-VCD hacked sites can put a serious dent in the gang's expected profits.

However, the WP-VCD gang has responded to this trend by integrating an anti-adblocker script inside their malware, according to new research published today by cybersecurity firm Prevailion.

Researchers say the script will bypass the ad detection mechanisms used by modern browser ad-blocking extensions and show the gang's ads regardless.

Based on their analysis, the hackers appear to have integrated a script that was posted on an online forum in 2017.

No need for pirated themes anymore

In hindsight, there is no reason why a botnet like WP-VCD should even exist nowadays, let alone be one of the biggest WordPress botnets around.

The practice of downloading pirated themes was fashionable a few years back when commercial themes were expensive, and most WordPress free themes were featureless and kind of useless.

Since then, many WordPress theme developers have released better free versions of their themes, and the open-source community has also banded together to build and provide free themes with advanced features.

Site developers have a bevy of free options at their disposal these days, and they have no reason to be tempted with pirated content anymore.