From 2578daabf6ca015fac77b346fd9326baeacd82ef Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy <a@foo.be>
Date: Sun, 10 Dec 2017 10:19:17 +0100
Subject: [PATCH] merge conflict solved - wp-vcd added

---
 clusters/tool.json | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/clusters/tool.json b/clusters/tool.json
index 72a7fbb..fc0b4bf 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -3095,6 +3095,16 @@
           "https://www.welivesecurity.com/2017/12/08/strongpity-like-spyware-replaces-finfisher/"
         ]
       }
+    },
+    {
+      "value": "wp-vcd",
+      "description": "WordPress site owners should be on the lookout for a malware strain tracked as wp-vcd that hides in legitimate WordPress files and that is used to add a secret admin user and grant attackers control over infected sites.\nThe malware was first spotted online over the summer by Italian security researcher Manuel D'Orso.\nThe initial version of this threat was loaded via an include call for the wp-vcd.php file —hence the malware's name— and injected malicious code into WordPress core files such as functions.php and class.wp.php. This was not a massive campaign, but attacks continued throughout the recent months.",
+      "meta": {
+        "refs": [
+          "https://www.bleepingcomputer.com/news/security/wp-vcd-wordpress-malware-campaign-is-back/",
+          "https://www.bleepingcomputer.com/news/security/wp-vcd-wordpress-malware-spreads-via-nulled-wordpress-themes/"
+        ]
+      }
     }
   ]
 }