The Amnesty International UK website was compromised between May 8 and 9 and infect visitors with infamous Gh0st RAT, WebSense informs.
After analyzing the incident, WebSense researchers has found that the injection is similar to the one that affected INSS site last week , injected with malicious java code. The Java file try to exploit the famous Java vulnerability (CVE-2012-0507).
|Injected malicious code|
Once the exploit is successful, it downloads an executable file"sethc.exe", it creates a new binary file in the Windows system directory: C:\Program Files\... Interestingly, executable file has been signed by a "valid" certificate authority (CA).
According to the web sense researchers, this is not the first time when the site of Amnesty International UK is being infected with malware.