Popular humor site hosted Nuclear Pack exploit kit

Share this article:

Cracked.com, a humor website that is among the 300 most popular sites in the U.S., may have left visitors a sobering surprise this week.

According to Barracuda Labs, as of Sunday the website was compromised to host the Nuclear Pack exploit kit.

Daniel Peck, principal research scientist on the security team at Barracuda Labs, told SCMagazine.com on Wednesday that Cracked.com remained infected into Monday, though saboteurs may have had access to the site since early last week.

Exploits packaged in the kit were served through a malicious javascript on the site, he explained. And after analyzing the threat, Barracuda researchers found it suspicious that the malware sent requests to a newly registered domain, crackedcdm.com, which was set up Nov. 4.

“There has been some analysis that we did, and it seems that it came from the Nuclear [Pack] attack kit, serving the ZeroAccess malware,” Peck said.

Users running vulnerable versions of Java and Adobe Flash and PDF software, are among those who may have been impacted this week, he said.

In April, security firm Fortinet found that the ZeroAccess botnet was the top threat among devices on its network during the first quarter of the year. The ZeroAccess trojan is cab able of carrying out click fraud, causing victims to unknowingly click ads that drive money to scammers.

The ZeroAccess botnet has also been leveraged by criminals to amass Bitcoins via Bitcoin mining.

The Barracuda Labs team contacted Cracked.com via email and Twitter, but has yet to hear from the site's operators.

UPDATE: On Wednesday evening, Peck sent a follow up email to SCMagazine.com saying that the malicious payload is still being analyzed by Barracuda researchers.

"The exploits are triggering ZeroAccess payload rules...but the malware itself seems to be being detected as Androm, though it could well be a variant of any sort," Peck said.

Also, late that night, David Wong, executive editor of Cracked.com wrote in a site forum that the Cracked team was notified Tuesday afternoon of the issue being fixed. 

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Adobe exploit used to spread Dyre credential stealer

Adobe exploit used to spread Dyre credential stealer

Users running vulnerable Adobe software could be in danger of having credentials for Bitcoin websites stolen.

Staples is investigating a potential issue involving credit card data

Staples is investigating a potential issue involving credit ...

The company said it is investigating a potential issue involving credit card data and that customers are not responsible for fraudulent activity on cards if an issue is discovered.

Skills set a priority over legacy prejudices, experts say

Skills set a priority over legacy prejudices, experts ...

Cybersecurity expert Winn Schwartau and Robert Clark, a cyber law attorney at the Army Cyber Institute, discussed issues around hiring in the information security industry.