OFFICIAL SECURITY BLOG

Cracked.com Found Serving Malware

November 14, 2013

In perhaps a bit of irony, the humor website cracked.com was flagged by Google’s Safe Browsing Technology.

Cracked.com is a website derived from the original “Cracked” magazine back in the 1950s. The website was formed in 2007 and has been making people laugh ever since. At least until it started infecting computers.

Cracked.com as it normally appears, after the malicious script was removed.

Barracuda Networks was the first to spot the drive-by downloads and detailed them in a blog post.

According to their research, cracked.com was serving malicious JavaScript that redirected users to crackedcdm.com, a domain registered on 11/4/2013. From there an iframe redirects to p68ei5.degreeexplore.biz, where various PDF, Java, and JavaScript files are sent to the browser in an effort to exploit the host. When it succeeds, malware is installed on the host PC. Malwarebytes detects the dropped sample as Spyware.Zbot.ED.
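For defenders, a chain like the one described above can be hunted for in web proxy logs. The following is an added example, not taken from the Barracuda or Malwarebytes analysis: it walks Referer values back from each PDF or Java download and flags downloads reached through three or more distinct sites. The log records are constructed (only the host names come from the article), and the two-label `site()` helper is a simplification that ignores public-suffix rules.

```python
from urllib.parse import urlsplit

# Constructed proxy-log records: (time, url, referrer, content_type).
# Host names are those named in the article; paths, times and types are made up.
SAMPLE_LOG = [
    ("10:00:01", "http://cracked.com/page", "", "text/html"),
    ("10:00:02", "http://crackedcdm.com/", "http://cracked.com/page", "text/html"),
    ("10:00:03", "http://p68ei5.degreeexplore.biz/", "http://crackedcdm.com/", "text/html"),
    ("10:00:04", "http://p68ei5.degreeexplore.biz/x.pdf",
     "http://p68ei5.degreeexplore.biz/", "application/pdf"),
    ("10:00:05", "http://p68ei5.degreeexplore.biz/x.jar",
     "http://p68ei5.degreeexplore.biz/", "application/java-archive"),
    ("10:01:00", "http://example.org/doc.pdf", "http://example.org/index", "application/pdf"),
]

# Content types commonly abused by exploit kits of this kind (assumed list).
RISKY_TYPES = {"application/pdf", "application/java-archive", "application/x-java-applet"}

def site(url):
    """Naive registered domain: last two labels of the host name."""
    host = urlsplit(url).hostname or ""
    return ".".join(host.split(".")[-2:])

def referrer_chain(url, referrer_of):
    """Follow referrers back from url to the first page in the log (loop-safe)."""
    chain, seen = [url], {url}
    while True:
        ref = referrer_of.get(chain[-1])
        if not ref or ref in seen:
            break
        chain.append(ref)
        seen.add(ref)
    return chain[::-1]  # oldest request first

def find_driveby_chains(log, min_sites=3):
    """Return (download_url, [sites crossed]) for risky downloads behind a hop chain."""
    referrer_of = {url: ref for _, url, ref, _ in log}
    hits = []
    for _, url, _, ctype in log:
        if ctype not in RISKY_TYPES:
            continue
        sites = []
        for hop in referrer_chain(url, referrer_of):
            if not sites or sites[-1] != site(hop):
                sites.append(site(hop))  # collapse consecutive same-site hops
        if len(set(sites)) >= min_sites:
            hits.append((url, sites))
    return hits

if __name__ == "__main__":
    for download, sites in find_driveby_chains(SAMPLE_LOG):
        print(download, "<-", " -> ".join(sites))
```

The same-site PDF from example.org is not flagged, because its referrer chain never leaves one site.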


Barracuda Networks has commented that cracked.com has suffered several compromises, and labeled it a “reoccurring problem”.

High-profile websites are often targeted by hackers since they receive a lot of visitors. Examples of popular websites that have suffered breaches in the past are NBC and the PHP website.

Thankfully Google flagged the website, likely saving thousands of visitors from a potential infection. Cracked.com currently appears safe, but site visitors may want to exercise caution if security does not improve.

_________________________________________________________________

Joshua Cannell is a Malware Intelligence Analyst at Malwarebytes where he performs research and in-depth analysis on current malware threats. He has over 5 years of experience working with US defense intelligence agencies where he analyzed malware and developed defense strategies through reverse engineering techniques. His articles on the Unpacked blog feature the latest news in malware as well as full-length technical analysis. Follow him on Twitter @joshcannell.