Cybercriminals Commandeer Amnesty International UK Website

The homepage of Amnesty International, an international human rights non-governmental organization (NGO), in the United Kingdom has been hijacked by cyber crooks. The site is spreading malicious software which makes use of a freshly-patched susceptibility in Java, say the researchers at Barracuda Networks, a security firm.

On the basis of past data, the security specialists reached on the conclusion that the attack had taken place on December 16, 2011, or little before that. The website's main page was locked in with code that drags a malevolent script from Brazil's seemingly hacked automobile website, which works as a spiteful Java applet making use of a public exploit to hit an unsafe Java fault. The applet then recovers an executable file identified as Trojan Spy-XR by Sophos antivirus. Trojan Spy-XR is a variant of malicious software that was at first identified in June 2011.

The UK site, which enjoys global rank of 90,203 according to Alexa.com, is not famous, and there are high chances that the cybercriminals do not aim at extracting financial information. Apparently, the assault may be part of a continuing campaign by the Chinese cybercriminals to dig out data from dissenters and human rights organizations.

The attack falls into the sketch of earlier campaigns planned against human rights NGOs, reported krebsonsecurity.com on December 22, 2011 quoting Paul Royal, a research expert at Barracuda Networks. Royal said some countries make use of zero-day exploits and various other methods to get electronic records of the human rights activists' actions. A number of activists are so intelligent that they do not check out links in well-phrased and well-written emails either. But if a website like Amnesty International, which is frequently visited by these activists, is attacked, then the targets come to attackers themselves.

In one more statement published by barracudalabs.com, he added that the potential of context-specific injury is major. The Amnesty International website has also been attacked earlier by cyber crooks. Websense Security Labs ThreatSeeker Network had spotted in November 2010 that the Hong Kong Website of Amnesty International was seized by numerous exploits, including the latest Microsoft Internet Explorer 0-day, and as a result, it was serving malevolent software.

Related article: Cheburgen.a: A New Email Worm

» SPAMfighter News - 1/2/2012