The official website of Institute for National Security Studies (INSS) website in Israel was injected with malicious code, warns Websense security researchers.
Interestingly, the injected code try to exploit the same Java exploit vector (CVE-2012-0507) that managed to infect around 600,000 Mac users in a massive scatter attack dubbed Flashback a few weeks ago.
The exploit page hosts a 'test.jar' file that exploits of the well-known Java vulnerability CVE-2012-0507.
After analyzing the contents of the Jar file, researchers found that it was generated by the Metasploit toolkit, holds the vulnerability CVE-2012-0507. A variant of Poison Ivy RAT is automatically installed on the victim's computer after a successful java exploitation.