Amnesty International Site Found Hosting Malware, IE Zero Day

2010-11-11T17:25:00
ID THREATPOST:696343D6EF6CF90E8D7CF44E62381499
Type threatpost
Reporter Chris Brook
Modified 2013-04-17T16:35:42

Description

Researchers at security firm Websense have found that Amnesty International’s Hong Kong site, amnesty.org.hk, is serving up a cocktail of malware that includes last week’s Internet Explorer 0-day.

Visitors to the human rights organization’s site operating versions 6 and 7 of IE are being targeted, according to a Websense report Wednesday. IE 8, with it’s added security implementations, is spared from this attack.

In addition to the IE flaw, the site is launching iframe attacks that forward unsuspecting users to a server hosting recent Flash, Quicktime and Shockwave vulnerabilities. While these holes have already been patched by Adobe and Apple, Microsoft hasn’t said when they’ll patch theirs. The company hasn’t ruled out an out-of-band fix.

In the meantime, enabling Data Execution Prevention (DEP) and Protected Mode in IE can help alleviate the flaw, which can be targeted through drive-by download attacks, Websense said.

The attacks are similar to those last month, when attackers were found using drive-by download attacks to serve malware via the Nobel Peace Prize website.

Read the full Websense report.