
Popular humor site hosted Nuclear Pack exploit kit

Cracked.com, a humor website that is among the 300 most popular sites in the U.S., may have left visitors a sobering surprise this week.

According to Barracuda Labs, as of Sunday the website was compromised to host the Nuclear Pack exploit kit.

Daniel Peck, principal research scientist on the security team at Barracuda Labs, told SCMagazine.com on Wednesday that Cracked.com remained infected into Monday, though saboteurs may have had access to the site since early last week.

Exploits packaged in the kit were served through malicious JavaScript on the site, he explained. After analyzing the threat, Barracuda researchers found it suspicious that the malware sent requests to a newly registered domain, crackedcdm.com, which was set up Nov. 4.

“There has been some analysis that we did, and it seems that it came from the Nuclear [Pack] attack kit, serving the ZeroAccess malware,” Peck said.

Users running vulnerable versions of Java and Adobe Flash and PDF software are among those who may have been impacted this week, he said.

In April, security firm Fortinet found that the ZeroAccess botnet was the top threat among devices on its network during the first quarter of the year. The ZeroAccess trojan is capable of carrying out click fraud, causing victims to unknowingly click ads that drive money to scammers.

The ZeroAccess botnet has also been leveraged by criminals to amass Bitcoins via Bitcoin mining.

The Barracuda Labs team contacted Cracked.com via email and Twitter, but has yet to hear from the site's operators.

UPDATE: On Wednesday evening, Peck sent a follow-up email to SCMagazine.com saying that the malicious payload is still being analyzed by Barracuda researchers.

"The exploits are triggering ZeroAccess payload rules...but the malware itself seems to be being detected as Androm, though it could well be a variant of any sort," Peck said.

Also, late that night, David Wong, executive editor of Cracked.com, wrote in a site forum that the Cracked team was notified Tuesday afternoon of the issue being fixed.
