Barracuda Labs researchers recently found that the humor Web site Cracked.com was serving malicious software to site visitors via exploits designed to target users’ Web browsers and plugins.
“In this case, malicious content originated directly from the Cracked.com Web site, and it is unlikely that the user would have noticed anything unusual while their system was attacked. … No ad networks were involved, which means that some kind of direct Web site compromise occurred,” Barracuda Labs researcher Paul Royal wrote in a blog post describing the breach.
The malware involved in the attack is currently detected by only 8 of 48 leading anti-virus solutions — McAfee, Sophos, Symantec and Trend Micro all fail to detect the software as malicious.
In November of 2013, Barracuda found a similar breach on the same site, writing, “cracked.com should be avoided if you’re concerned with malware.”