Amnesty International website Hacked to Serve Java Exploit

Amnesty_InternationalAmnesty International’s UK website was hacked recently, to incorporate an iframe that served a Trojan.

The iframe loads a CVE-2011-3544 based java exploit code, fetched from a Brazilian automobile site which itself was hacked. Security Analyst, Brian Krebs reports that the retrieved executable file is a trjoan classified as Trojan Spy-XR. This Trojan, which relies on a patched Java vulnerability, tracks and steals the affected user’s keystrokes.

According to Paul Royal of Barracuda Labs, the website was compromised on or before December 16th. So, if you have visited the website anytime between and have out-dated Java software, there’s a good chance that your computer is infected. In that case, run a complete system scan using your updated anti-virus. It is also a good idea to change the passwords of your online accounts.

This exploit will not affect you if you had already installed the latest Java updates or if you don’t have Java installed.

This is not the first time that Amnesty’s website was compromised. Last year, their Hong Kong website was hacked to spread malware of similar kind. The UK website itself has been compromised previously to exploit a Flash Player zero-day vulnerability.

Speculating about motive for the attacks, Paul went on to say in his blog post that,

The working theory for this anomaly relates to Amnesty International as a human rights non-governmental organization. To explain, certain countries use zero day exploits and other techniques to gain electronic information about the activities of human rights activists. Of course, a subset of these activists are too smart to click on links in even well-worded spearphishing emails. But what if you compromised a website frequented by these activists (e.g., Amnesty International)? Then your targets come to you. The context-specific damage potential is significant.

Published by

Nithin Ramesh

Nithin is a blogger and a Windows security enthusiast. He is currently pursuing Bachelors in Electronics and Communication. Apart from technology his other interests include reading and rock music. His Twitter handle is @nithinr6