The popular humor website Cracked[dot]com reportedly hosted malware that infected its visitors' machines over the weekend and may still be doing so, according to Barracuda Labs research.

The malware spread via drive-by downloads, and it is not known how many systems became infected as a result of visiting the site. Barracuda Labs claims the number of infections could be quite high considering that the site ranks 289 in the U.S. and 654 globally, according to the Web information firm Alexa.

The attackers delivered their exploit with a malicious piece of JavaScript they embedded into cracked[dot]com.

According to the report, the JavaScript caused users to send a request to the domain “crackedCDM[dot]com.” Registration information for that domain suggests that attackers may have had access to cracked[dot]com as early as Nov. 4.

The malicious domain contained an iframe pointing to “p68ei5[dot]degreeexplore[dot]biz,” which then sent a cocktail of malicious PDFs, Java, HTML, and JavaScript files into the victim’s browser. If successful, the attackers then uploaded their malware to the affected machines.
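The chain described above begins with a script on the site pulling content from a domain whose name is built on the site's own. As an added example (not from Barracuda Labs or the original article), a site owner could audit served pages for that pattern; the hosts, the `audit` function and the 0.7 similarity threshold are assumptions made for illustration.

```python
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlparse

class SrcCollector(HTMLParser):
    """Collect the src of every <script> and <iframe> tag."""
    def __init__(self):
        super().__init__()
        self.sources = []
    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag in ("script", "iframe") and src:
            self.sources.append((tag, src))

def registrable(host):
    # Assumption: registrable domain = last two labels (no public-suffix list).
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def audit(html, first_party, allowlist=()):
    """Return (tag, host, verdict) for each script/iframe loaded from another site."""
    own = registrable(first_party)
    own_label = own.split(".")[0]
    collector = SrcCollector()
    collector.feed(html)
    findings = []
    for tag, src in collector.sources:
        host = urlparse(src).hostname
        site = registrable(host) if host else own  # relative URLs stay on-site
        label = site.split(".")[0]
        if site == own:
            continue
        if site in allowlist:
            verdict = "allowed"  # third party the site owner has approved
        elif own_label in label or SequenceMatcher(None, own_label, label).ratio() >= 0.7:
            verdict = "lookalike"  # name built on, or close to, the site's own
        else:
            verdict = "unknown"  # unapproved third party, review manually
        findings.append((tag, host, verdict))
    return findings

# Constructed sample page; every host is made up under the reserved .example TLD.
SAMPLE = """<script src="/js/site.js"></script>
<script src="https://static.humor.example/lib.js"></script>
<script src="//cdn.analytics.example/t.js"></script>
<script src="http://humorcdm.example/a.js"></script>
<iframe src="http://p1.unrelated.example/x"></iframe>"""

if __name__ == "__main__":
    print(audit(SAMPLE, "www.humor.example", {"analytics.example"}))
```

Run against each page template after a deploy, any `lookalike` or `unknown` verdict is a resource the site did not intend to load and should be traced back to the file that references it.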

Barracuda Labs claims that the infection is a stealthy one, leaving infected users with no indication of compromise other than the fact that a Java plugin has launched and that the system is running on low memory.

You can find out more about the specific piece of malware in use here.

At the time of Barracuda Labs’ publication, just seven of 46 malware engines were detecting the threat.

Cracked[dot]com did not initially respond to Barracuda Labs’ disclosure, but later posted in a forum that they had resolved the problem sometime Tuesday. Despite that, Barracuda Labs claims the site is still infected and that similar attacks on the site seem to be a recurring problem.


Comments (7)

  1. anon

    So as a Kaspersky user was I protected from this or not?
    I didn’t get any notifications from KIS2014 despite having visited numerous cracked urls in the past couple of weeks.

  2. anon

    Submit comment, but no comment or confirmation appears.
    Re-submit comment, ‘It appears you have submitted a duplicate comment’ :/

    • Brian Donohue

      We have to approve all comments prior to publication. We only hold clear spam comments or ones that link to sites that we don’t recognize. Because of this, it often takes a bit of time for comments to go live.

  3. anon

    Thanks for the explanation. I still think a little confirmation would be a good idea – something along the lines of ‘Thank you for your comment, it is awaiting moderation’, or something like that. 🙂
