Amnesty International Website Compromised to Produce Malware
The upholder of human rights, Amnesty International reportedly had its United Kingdom website under the control of hackers between May 7 and 9, 2012 so it could be manipulated for installing malicious software on the computers that accessed the site. Websense the Web security company reported this.
It (Websense) stated that the hackers used a malware, which abused the CVE-2012-0507 security flaw within Java through the website's main page.
The company explained that the exploit utilized during the assault seemingly was a replica of Metasploit a penetration testing form of open source kind that was extremely well-known within the circle of security professionals.
It further said that the exploit planted the PC-Trojan Gh0st Remote Administration Tool (RAT) commonly employed during targeted assaults. The Gh0st RAT was used for filching passwords, e-mails, files along with other confidential information. But, according to Websense, the hack occurred because of one Web-assault of a high-scale campaign.
VeriSign the digital certifying authority endorsed the file that was created for planting the PC-malware i.e. a backdoor, and it serviced to the organization namely Tencent Technology. The endorsing made the assault against people visiting the Amnesty International website increasingly refined wherein, by making the malware appear genuine, visitors' doubt was tamped down.
Senior Manager Carl Leonard of Websense Security Labs stated that his company spotted more than a hundred other websites that too were contaminated with the identical malware, which hit the UK Amnesty International website and also whose time of occurrences coincided with the charity site. Pcworld.com published this dated May 11, 2012.
Similarities were observed among the Amnesty International hack and one other compromise spotted during the 1st-week of May 2012 of INSS (Israeli Institute for National Security Studies) website.
Overall, it's being suggested that Web-surfers who went to the UK Amnesty International site during May 7-9, 2012 must verify if there are any indications of the contamination through the use of updated anti-virus software.
Meanwhile, security researchers state there's been other instances too when malware stuck a website of Amnesty International like its compromise during 2009, while the charitable organization's Hong Kong division was infected during 2010.
» SPAMfighter News - 21-05-2012