Amnesty Int'l site serving Java exploits...
December 22, 2011 - "Amnesty International’s homepage in the United Kingdom is currently serving malware that exploits a recently-patched vulnerability in Java. Security experts say the attack appears to be part of a nefarious scheme to target human rights workers... The site’s home page has been booby trapped with code that pulls a malicious script from an apparently hacked automobile site in Brazil. The car site serves a malicious Java applet that uses a public exploit to attack a dangerous Java flaw*... The site remains compromised..."
Comment: Emerson Povey @ amnesty.org.uk - December 23, 2011 - "... we have been working with our hosting service to resolve the issue. They have cleaned our servers, rebooted the system and removed the script from the default page. At 2pm today they confirmed that the problem is now fixed."
December 22, 2011 - "... compromised on or before Friday, December 16... Amnesty International UK has been notified... Java content (stolen from the Metasploit project), which targets CVE-2011-3544. If the exploit is successful, malware is installed on the visitor’s system..."
VirusTotal Detections for Exploit
... a more up-to-date report (24/43) for this file:
File name: 542b24f1da13f0b1d647f3865b09e026bf00d4ef.bin
Submission date: 2011-12-22 10:47:27 (UTC)
Current status: finished
Result: 24/43 (55.8%)
VirusTotal Detections for Exploit Payload
... a more up-to-date report (22/43) for this file:
File name: f91dd927fd78a36176a68998304d70c8
Submission date: 2011-12-20 16:19:51 (UTC)
Result: 22/43 (51.2%)
Last revised: 11/24/2011
CVSS v2 Base Score: 10.0 (HIGH)
Current versions of Java here*: