Everyone involved with the digital world has seen, at one point or another, an ad for something too good to be true in the Google search results. “Free download” or “Cracked version” are pretty big red flags that the software you’re downloading might not be exactly, well, legal. That’s a fairly cut-and-dried example of obvious piracy, where you could find pirated content via a simple keyword search, and we all know it’s against the law to knowingly pirate software.
If you’ve ever run a WordPress site (much like the one you’re reading this article on), you’d know that free themes are typically a bit bland. To really make your site stand out, you can start with a free theme, pour hours and hours into it, and maybe walk away with a great site for all your trouble. You could also skip most of that work and just go buy a non-free theme from any old site you’d find using a quick Google search. Let’s say you wanted to get a copy of the theme “eduma”, so you searched “eduma theme download”; these are the results you’d see:

Every single one of these results leads to a site which hosts a hacked version of this “eduma” theme. Often referred to as “nulled”, these versions of the theme have been stripped of any and all DRM put in by the theme’s creator(s). Obviously, this is piracy, and it’s illegal, but to a novice who isn’t familiar with legitimate theme and plugin sites like https://themeforest.net/ or https://codecanyon.net/, these could easily pass the sniff test as being legitimate websites offering kickass themes for free.
ZDNet put out an article recently, detailing how all these sites are run by a single organization, called WP-VCD. This organization distributes “nulled” themes and plugins on the above-mentioned sites, intending to spread their own flavor of malware to unsuspecting WordPress admins around the internet. This malware is particularly nefarious: it uses keywords and backlinks to promote these false sites, which gives the malware distribution sites amazing SEO rankings, and it also displays advertising blocks and popups that are generating some serious coin for the owners of this malware.
As if hijacking a single WordPress site wasn’t enough, this malware also spreads as soon as the source package or plugin is installed, adding itself to every installed plugin and theme. In the words of the famous salesman Billy Mays, “But wait, there’s more!” In the case of a WordPress installation running on a shared hosting environment, this malware will actually spread to other tenants’ WordPress installations. In today’s world of shared hosting solutions encouraging extremely dense deployments of sites on a single host, this means that a single unscrupulous tenant, using pirated software on their WordPress installations, can actually cause the infection of many other sites, even though that user wouldn’t have permissions on the other sites or even knowledge of their existence.
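Because the malware adds itself to every installed plugin and theme, one way to spot that spread is to hash the PHP files under wp-content before an install and compare afterwards. The sketch below is an added example, not code from this post or from ZDNet; the directory names, file contents and the `demo()` tree are constructed, and it assumes no legitimate updates ran between the two snapshots.

```python
import hashlib
import tempfile
from pathlib import Path

def snapshot(wp_content):
    """Map every PHP file under themes/ and plugins/ to its SHA-256 digest."""
    root = Path(wp_content)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for kind in ("themes", "plugins")
            for p in sorted((root / kind).rglob("*.php"))}

def component(rel):
    """'themes/eduma/functions.php' -> 'themes/eduma'."""
    return "/".join(rel.split("/")[:2])

def unexpected_changes(before, after):
    """Added or modified files inside components that already existed in `before`.

    A fresh install only creates files under its own new directory, so it never
    shows up here; touched files in older themes/plugins are what to investigate.
    """
    existing = {component(rel) for rel in before}
    found = {}
    for rel, digest in sorted(after.items()):
        comp = component(rel)
        if comp in existing and before.get(rel) != digest:
            kind = "modified" if rel in before else "added"
            found.setdefault(comp, []).append((kind, rel))
    return found

def demo():
    """Constructed wp-content tree: install one theme, then touch two older components."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel in ("themes/twentytwenty/functions.php", "plugins/contact/contact.php"):
            (root / rel).parent.mkdir(parents=True)
            (root / rel).write_text("<?php // original\n")
        before = snapshot(root)
        # The newly installed theme: an expected change in its own new directory.
        (root / "themes/newtheme").mkdir()
        (root / "themes/newtheme/functions.php").write_text("<?php // new theme\n")
        # Constructed stand-in for the spread: older components change as well.
        with open(root / "themes/twentytwenty/functions.php", "a") as f:
            f.write("// constructed: line appended after install\n")
        (root / "plugins/contact/extra.php").write_text("<?php // constructed: new file\n")
        return unexpected_changes(before, snapshot(root))

if __name__ == "__main__":
    for comp, files in demo().items():
        print(comp, files)
```

On a real site, store the `before` snapshot somewhere the web server user cannot write to, since a compromised installation could otherwise rewrite the baseline.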
In this day and age, just remember, nothing in life is truly free. If you are getting something for free, the odds are good that you are the product in this transaction, or, in the case of the WP-VCD malware, your site is the product. If it sounds too good to be true, it probably is!
One last thing to note: this is the fourth week’s entry in a series of blog posts I’ll be doing, so stay tuned for more if you’re enjoying this content!
Stay safe out there!