Hackers last week targeted Amnesty International websites in Britain and Hong Kong with an exploit that tried to infect anyone visiting those sites.
Between May 8 and 9, 2012, the Websense® ThreatSeeker® Network detected that the Amnesty International United Kingdom website was compromised. The website was apparently injected with malicious code for these 2 days. During that time, website users risked having sensitive data stolen and perhaps infecting other users in their network. However, the website owners rectified this issue after we advised them about the injection. In early 2009, we discovered this same site was compromised, and in 2010, we reported another injection of an Amnesty International website, this time the Hong Kong site.
In the most recent case, we noticed that the exploit vector used was the same Java exploit (detailed in CVE-2012-0507) that has been used worldwide, and which has become somewhat infamous as the cause of the recent massive Mac OS X infection with Flashback.
Websense customers are protected from these threats by ACE, our Advanced Classification Engine.
The exploit was located on the index of the page:
An Amnesty International official in the UK confirmed Monday that the group’s site had been attacked, but offered a differing account of how long the exploit was in place.
“Last Thursday, amnesty.org.uk was infected with a piece of malicious code. As soon as we became aware of the infection we worked with our hosting company Claranet to isolate it and remove it as a matter of urgency. Happily, the problem was resolved by Thursday lunchtime,” said a spokeswoman for the group via email.