Amnesty International‘s homepage in the United Kingdom is currently serving malware that exploits a recently-patched vulnerability in Java. Security experts say the attack appears to be part of a nefarious scheme to target human rights workers.
The site’s home page has been booby trapped with code that pulls a malicious script from an apparently hacked automobile site in Brazil. The car site serves a malicious Java applet that uses a public exploit to attack a dangerous Java flaw that I’ve warned about several times this past month. The applet in turn retrieves an executable file detected by Sophos antivirus as Trojan Spy-XR, a malware variant first spotted in June 2011.
A woman who answered the phone this morning at Amnesty International’s research and policy branch in the U.K. declined to give her name, but said she would pass on the information about the break-in. The site remains compromised.
This is hardly the first time Amnesty International’s sites have been hacked to serve up malware. The organization’s site was hacked in April 2011 with a drive-by attack. In November 2010, security firm Websense warned Amnesty International’s Hong Kong Web site was hacked and seeded with an exploit that dropped malware using a previously unknown Internet Explorer vulnerability. Continue reading →