Avast recently uncovered a watering hole attack (previously seen in attacks on Web sites of the Council on Foreign Relations and Capstone Turbine Corporation) on the Web site for Reporters Without Borders. The company says the malicious code has since been removed.
"Hackers create a watering hole by injecting malicious code into a website that redirects visitors to an exploit page designed to infect the target with malware," explains CSO's Liam Tung. "It’s the same method used in a typical drive-by download attack on random visitors, except the watering hole has been selected for the audience it attracts."
"Such an organization is an ideal target for a watering hole campaign, as it seems right now the miscreants concentrate only on human rights/political sites -- many Tibetan, some Uygur, and some political parties in Hong Kong and Taiwan which are the latest hits in this operation," writes Avast's Jindrich Kubec. "In our opinion the finger could be safely pointed to China (again). "
"Reporters Without Borders' website had exploit code that used a recent Internet Explorer vulnerability (CVE-2012-4792), which has been patched," writes Computerworld's Jeremy Kirk. "It also used a Java vulnerability (CVE-2013-0422), which was patched in Oracle Java 7 Update 11."
"As Avast! experts highlight, the cybercriminals don’t seem to mind the fact that Microsoft has addressed the Internet Explorer vulnerability and Oracle has fixed the Java flaw they’re exploiting in this operation. ... They’re probably counting on the fact that most organizations don’t update their software as quickly as they should," writes Softpedia's Eduard Kovacs.