Popular humor site hosted Nuclear Pack exploit kit

Cracked.com, a humor website that is among the 300 most popular sites in the U.S., may have left visitors a sobering surprise this week.

According to Barracuda Labs, as of Sunday the website was compromised to host the Nuclear Pack exploit kit.

Daniel Peck, principal research scientist on the security team at Barracuda Labs, told SCMagazine.com on Wednesday that Cracked.com remained infected into Monday, though saboteurs may have had access to the site since early last week.

Exploits packaged in the kit were served through malicious JavaScript on the site, he explained. After analyzing the threat, Barracuda researchers found it suspicious that the malware sent requests to a newly registered domain, crackedcdm.com, which was set up Nov. 4.

“There has been some analysis that we did, and it seems that it came from the Nuclear [Pack] attack kit, serving the ZeroAccess malware,” Peck said.

Users running vulnerable versions of Java and Adobe Flash and PDF software are among those who may have been impacted this week, he said.

In April, security firm Fortinet found that the ZeroAccess botnet was the top threat among devices on its network during the first quarter of the year. The ZeroAccess trojan is capable of carrying out click fraud, causing victims to unknowingly click ads that drive money to scammers.

The ZeroAccess botnet has also been leveraged by criminals to amass Bitcoins via Bitcoin mining.

The Barracuda Labs team contacted Cracked.com via email and Twitter, but has yet to hear from the site's operators.

UPDATE: On Wednesday evening, Peck sent a follow-up email to SCMagazine.com saying that the malicious payload is still being analyzed by Barracuda researchers.

"The exploits are triggering ZeroAccess payload rules...but the malware itself seems to be being detected as Androm, though it could well be a variant of any sort," Peck said.

Also, late that night, David Wong, executive editor of Cracked.com, wrote in a site forum that the Cracked team was notified Tuesday afternoon of the issue being fixed.
