In my ‘what's the risk' post about the research done by IDC (PDF) on the risks of obtaining or using counterfeit software I mentioned I would share a personal experience with a site of the kind the research describes. The video below was captured from a sandboxed system connecting to one of these sites and it shows the site attempting to install a variety of malicious applications to my system.
I actually happened across the behavior shown in the video somewhat by accident. Some time ago while preparing for a presentation to an international group of Microsoft employees I went looking for an example of the kind of sites that offer hacks and cracks for MS products so I could include a screenshot in a slide. To find one of these sites I typed some common terms like windows, free, keygen etc. into a search engine and started clicking on the results. One of the top search results (at the time) was a site that tried to infect my system with malware the moment I connected to it. I grabbed some screenshots as my AV software was catching the attempts. The shots of this behavior that appeared in my presentation created quite a stir and actually helped kick off our first investigations into these kinds of sites. Here's the video.