ie8 fix
madison

Zero Day

Ryan Naraine, Emil Protalinski and Dancho Danchev
Home / News & Blogs / Zero Day

Amnesty International UK compromised, serving exploits and malware

By | December 22, 2011, 3:31pm PST

Summary: Researchers from Barracuda Labs have detected a drive-by malware campaign currently embedded at the web sites of Amnesty International UK.

Researchers from Barracuda Labs have detected a drive-by malware campaign currently embedded at the web site of Amnesty International UK.

Based on historical data, the researchers conclude that the compromise took place on, or before Friday, December 16.

Once users visit the site, a malicious script will load from 3max[.]com serving CVE-2011-3544.

Detection rate for the malicious payload is low.

UPDATE: Emerson Povey from Amnesty International comments:

We have been working with our hosting service to resolve the problem. They have cleaned both servers, rebooted, and removed the script. At 2pm today they confirmed that the issue is now resolved.

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “Zero Day”

Topics

Researcher, Amnesty, Malware, Exploit, Spyware, Adware & Malware, Cyberthreats, Web Site Development, Viruses And Worms, Security, Internet, Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Disclosure

Dancho Danchev

More details on Dancho Danchev's current and past professional affiliations, can be found in his LinkedIn profile.

Biography

Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threats intelligence data with the rest of the community on a daily basis. More details on Dancho Danchev's current and past professional affiliations, can be found in his LinkedIn profile. You can also follow him on Twitter
1
Comments
Add Your Opinion

Join the conversation!

0 Votes
+ -
It's nice to know that they have cleaned their servers, but...
JonathonDoe 28th Dec
that is only half the story. Why doesn't this article inform the reader of how to clean the malware off of an infected client machine which may have visited that site?

Lazy writing, just plain lazy. Frankly, I expect more from a tech site like ZDN.

Regards,
Jon

Join the conversation!

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]
ie8 fix
Click Here
ie8 fix

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity

Blog Roll

Blog Archive

White Papers, Webcasts, & Resources
ie8 fix
ie8 fix