In my 'what's the risk' post about the research done by IDC (PDF) on the risks of obtaining or using counterfeit software, I mentioned I would share a personal experience with a site of the kind the research describes. The video below was captured from a sandboxed system connecting to one of these sites, and it shows the site attempting to install a variety of malicious applications on my system.
I actually happened across the behavior shown in the video somewhat by accident. Some time ago, while preparing for a presentation to an international group of Microsoft employees, I went looking for an example of the kinds of sites that offer hacks and cracks for MS products so I could include a screenshot in a slide. To find one of these sites I typed some common terms like windows, free, keygen, etc. into a search engine and started clicking on the results. One of the top search results (at the time) was a site that tried to infect my system with malware the moment I connected to it. I grabbed some screenshots as my AV software was catching the attempts. The shots of this behavior that appeared in my presentation created quite a stir and actually helped kick off our first investigations into these kinds of sites. Here's the video.
A couple of notes on the video. First, the resolution is pretty low and there are some artifacts that show up from the screen cap software I used. I'll see if there's anything I can do about that if I have a chance in the future. Second, the video jumps a bit, and that's because I shortened it: the delay between some of the infections was like 45 seconds or so, and altogether that would have made the video like five minutes long with huge hunks of dead space between the AV alerts. Also, I did my best to obscure the NSFW content on some of the pages that pop up. I think it worked out pretty well, but I might try to clean it up and repost at some point.