Amnesty International’s Website Exploits Computers of Leftist Do-Gooders
A malicious javascript running on Amnesty International’s UK site is injecting malcode via a 0-Day Adobe exploit. So those hippies checking out whether or not they need to scrape off that “Free Tibet” bumper sticker are getting pwn3d by Amnesty International’s website.
The Armorize Blog has full details about the exploit and how it works here. Some key meta to search for is the presence of the following IP addresses:
- 71.6.217.131
- 182.237.3.105
And the following domain names:
- jeentern.dyndns.org
- www.amnesty.org.uk
And a filename called:
newsvine.jp2
Thanks to Brian Krebs for the heads up along with lots of twitter-folk: