Amnesty International Serving Malware

Amnesty International's homepage in the United Kingdom is currently serving malware that exploits a recently patched vulnerability in Java. The attack appears to be part of a malicious scheme to target human rights workers. Krebs' blog reports that the site's home page has been booby-trapped with code that pulls a malicious script from what appears to be a hacked automobile site in Brazil.

The auto site serves up a malicious Java applet that uses a public exploit to attack a fairly new Java flaw. The applet in turn retrieves an executable file detected by Sophos antivirus as Trojan Spy-XR, a malware variant first spotted in June 2011. This Trojan provides remote access connectivity handling, Denial of Service (DoS) or Distributed DoS (DDoS) capabilities, keyboard input capture, file or object deletion, and process termination for getting rid of those pesky endpoint security controls.