Popular humor site hosted Nuclear Pack exploit kit

Cracked.com, a humor website that is among the 300 most popular sites in the U.S., may have left visitors a sobering surprise this week.

According to Barracuda Labs, as of Sunday the website was compromised to host the Nuclear Pack exploit kit.

Daniel Peck, principal research scientist on the security team at Barracuda Labs, told SCMagazine.com on Wednesday that Cracked.com remained infected into Monday, though saboteurs may have had access to the site since early last week.

Exploits packaged in the kit were served through malicious JavaScript on the site, he explained. After analyzing the threat, Barracuda researchers found it suspicious that the malware sent requests to a newly registered domain, crackedcdm.com, which was set up Nov. 4.

“There has been some analysis that we did, and it seems that it came from the Nuclear [Pack] attack kit, serving the ZeroAccess malware,” Peck said.

Users running vulnerable versions of Java and Adobe Flash and PDF software are among those who may have been impacted this week, he said.

In April, security firm Fortinet found that the ZeroAccess botnet was the top threat among devices on its network during the first quarter of the year. The ZeroAccess trojan is capable of carrying out click fraud, causing victims to unknowingly click ads that drive money to scammers.

The ZeroAccess botnet has also been leveraged by criminals to amass Bitcoins via Bitcoin mining.

The Barracuda Labs team contacted Cracked.com via email and Twitter, but has yet to hear from the site's operators.

UPDATE: On Wednesday evening, Peck sent a follow-up email to SCMagazine.com saying that the malicious payload is still being analyzed by Barracuda researchers.

"The exploits are triggering ZeroAccess payload rules...but the malware itself seems to be being detected as Androm, though it could well be a variant of any sort," Peck said.

Also, late that night, David Wong, executive editor of Cracked.com, wrote in a site forum that the Cracked team was notified Tuesday afternoon of the issue being fixed.
