The UK Web site for Amnesty International is currently serving malware.
"The site’s home page has been booby trapped with code that pulls a malicious script from an apparently hacked automobile site in Brazil," writes Krebs on Security's Brian Krebs.
"The car site serves a malicious Java applet that uses a public exploit to attack a dangerous Java flaw that I’ve warned about several times this past month," Krebs writes. "The applet in turn retrieves an executable file detected by Sophos antivirus as Trojan Spy-XR, a malware variant first spotted in June 2011."
Go to "Amnesty International Site Serving Java Exploit" to read the details.
For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.