The popular humor website Cracked[dot]com reportedly hosted malware that infected the machines of its visitors over the weekend and may still be doing so, according to Barracuda Labs research.
The malware proliferated via drive-by-downloads, and it is not known how many systems became infected as a result of visiting the site. Barracuda Labs claims the number of infections could be quite high considering that the site ranks 289 in the U.S. and 654 globally, according to the Web information firm, Alexa.
The attackers delivered their exploit with a malicious piece of JavaScript they embedded into cracked[dot]com.
According to the report, the JavaScript caused users to send a request to the domain “crackedCDM[dot]com.” Registration information for that domain suggests that attackers may have had access to cracked[dot]com as early as Nov. 4.
The malicious domain contained an iframe pointing to “p68ei5[dot]degreeexplore[dot]biz,” which then sent a cocktail of malicious PDFs, Java, HTML, and JavaScript files into the victim’s browser. If successful, the attackers then uploaded their malware to the affected machines.
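As an added example (not from Barracuda Labs' report or this article), here is a site owner's check for the pattern described above: it lists every script and iframe source on a page and flags hosts that are off the allowlist, marking those that embed the site's own name the way the lookalike domain did. The `audit_page` function, the hostnames and the sample HTML are constructed, and the site's brand label is taken naively from the second-to-last label of its hostname.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class SrcCollector(HTMLParser):
    """Collect (tag, host) for every <script src> and <iframe src>."""
    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("script", "iframe"):
            return
        src = dict(attrs).get("src")
        host = urlparse(src).hostname if src else None
        if host:                       # relative URLs have no host: first-party
            self.found.append((tag, host.lower()))

def audit_page(html, site_host, allowed_hosts):
    """Return (tag, host, reason) for each external source not on the allowlist.

    reason is "lookalike" when a label of the host embeds the site's own name,
    otherwise "unlisted".
    """
    site_host = site_host.lower()
    brand = site_host.split(".")[-2]   # assumption: naive "name.tld" layout
    collector = SrcCollector()
    collector.feed(html)
    findings = []
    for tag, host in collector.found:
        if host == site_host or host.endswith("." + site_host) or host in allowed_hosts:
            continue
        lookalike = any(brand in label for label in host.split("."))
        findings.append((tag, host, "lookalike" if lookalike else "unlisted"))
    return findings

# Constructed sample page; all hostnames are stand-ins under the reserved .example TLD.
SAMPLE_HTML = """
<html><head>
<script src="/js/site.js"></script>
<script src="https://static.humor.example/app.js"></script>
<script src="//cdn.vendor.example/lib.js"></script>
<script src="http://humorcdm.example/stats.js"></script>
</head><body>
<iframe src="http://x1.landing.example/in.html"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for finding in audit_page(SAMPLE_HTML, "humor.example", {"cdn.vendor.example"}):
        print(finding)
```

Run against rendered copies of production pages on a schedule, a check like this surfaces a newly injected script host even when the script itself shows the visitor nothing.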
Barracuda Labs claims that the infection is a stealthy one, leaving infected users with no indication of compromise other than the fact that a Java plugin has launched and that the system is running on low memory.
You can find out more about the specific piece of malware in use here.
At the time of Barracuda Labs’ publication, just seven of 46 malware engines were detecting the threat.
Cracked[dot]com did not respond to Barracuda Labs’ disclosure initially, but later posted in a forum that they had resolved the problem sometime Tuesday. Despite that, Barracuda Labs claims the site is still infected and that similar attacks on the site seem to be a recurring problem.