Amnesty International UK compromised, serving exploits and malware

Summary:Researchers from Barracuda Labs have detected a drive-by malware campaign currently embedded at the web sites of Amnesty International UK.

Researchers from Barracuda Labs have detected a drive-by malware campaign currently embedded at the web site of Amnesty International UK.

Based on historical data, the researchers conclude that the compromise took place on, or before Friday, December 16.

Once users visit the site, a malicious script will load from 3max[.]com serving CVE-2011-3544.

Detection rate for the malicious payload is low.

UPDATE: Emerson Povey from Amnesty International comments:

We have been working with our hosting service to resolve the problem. They have cleaned both servers, rebooted, and removed the script. At 2pm today they confirmed that the issue is now resolved.

Topics: Browser, Malware, Security, Software Development

About

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threats intelligence data with the rest of the community... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.