Popular humor site hosted Nuclear Pack exploit kit

Share this article:

Cracked.com, a humor website that is among the 300 most popular sites in the U.S., may have left visitors a sobering surprise this week.

According to Barracuda Labs, as of Sunday the website was compromised to host the Nuclear Pack exploit kit.

Daniel Peck, principal research scientist on the security team at Barracuda Labs, told SCMagazine.com on Wednesday that Cracked.com remained infected into Monday, though saboteurs may have had access to the site since early last week.

Exploits packaged in the kit were served through a malicious javascript on the site, he explained. And after analyzing the threat, Barracuda researchers found it suspicious that the malware sent requests to a newly registered domain, crackedcdm.com, which was set up Nov. 4.

“There has been some analysis that we did, and it seems that it came from the Nuclear [Pack] attack kit, serving the ZeroAccess malware,” Peck said.

Users running vulnerable versions of Java and Adobe Flash and PDF software, are among those who may have been impacted this week, he said.

In April, security firm Fortinet found that the ZeroAccess botnet was the top threat among devices on its network during the first quarter of the year. The ZeroAccess trojan is cab able of carrying out click fraud, causing victims to unknowingly click ads that drive money to scammers.

The ZeroAccess botnet has also been leveraged by criminals to amass Bitcoins via Bitcoin mining.

The Barracuda Labs team contacted Cracked.com via email and Twitter, but has yet to hear from the site's operators.

UPDATE: On Wednesday evening, Peck sent a follow up email to SCMagazine.com saying that the malicious payload is still being analyzed by Barracuda researchers.

"The exploits are triggering ZeroAccess payload rules...but the malware itself seems to be being detected as Androm, though it could well be a variant of any sort," Peck said.

Also, late that night, David Wong, executive editor of Cracked.com wrote in a site forum that the Cracked team was notified Tuesday afternoon of the issue being fixed. 

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Email promises free pizza, ensnares victims in Asprox botnet instead

Email promises free pizza, ensnares victims in Asprox ...

Cloudmark came upon an email that offers free pizza, but clicking on the link to get the coupon ends with victims being ensnared in a botnet.

Report: most orgs lacking in response team, policies to address cyber incidents

In its Q3 threat intelligence report, Solutionary learned that 75 percent of organizations it assisted had no response team or policies and procedures to address cyber incidents.

Flash redirect campaign impacts Carnegie Mellon page, leads to Angler EK

Flash redirect campaign impacts Carnegie Mellon page, leads ...

Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.