WP-VCD is a WordPress botnet that has been around since early 2017. It is able to create backdoor accounts, spread to other installed themes, redirect visitors, inject ads, and add command and control capabilities to a victim’s site. Ad revenue is where the group makes its money though, and the popularity of ad blocking browser plugins may be causing the botnet operators some headaches. Some versions of the infection are now including anti-adblocking scripts to force ads to appear even when a visitor has attempted to block the ads. Anti-adblocking scripts have gained popularity across many subscriptions-based sites as a way to nag visitors to either allow ads or to subscribe for ad-free viewing. Because of this, it should be no surprise that malicious advertising (malvertising) networks are also fighting ad-blocking with their own scripts.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in