The UK Web site for Amnesty International is currently serving malware.
"The site’s home page has been booby trapped with code that pulls a malicious script from an apparently hacked automobile site in Brazil," writes Krebs on Security's Brian Krebs.
"The car site serves a malicious Java applet that uses a public exploit to attack a dangerous Java flaw that I’ve warned about several times this past month," Krebs writes. "The applet in turn retrieves an executable file detected by Sophos antivirus as Trojan Spy-XR, a malware variant first spotted in June 2011."
Go to "Amnesty International Site Serving Java Exploit" to read the details.https://o1.qnsr.com/log/p.gif?;n=203;c=204660766;s=9477;x=7936;f=201812281312070;u=j;z=TIMESTAMP;a=20392931;e=i
For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.