Nasty IE 0day exploit hosted on Amnesty International site

Visitors to Amnesty International's Hong Kong website are being bombarded with a host of lethal exploits, including one that attacks an unpatched vulnerability in Microsoft's Internet Explorer browser, researchers at security firm Websense said. The injected IE attack code resides directly on the pages of amnesty.org.hk, an …

COMMENTS

This topic is closed for new posts.
Silver badge

Something missing from this article...

"an indication that the perpetrators were able to penetrate deep into the website's security defenses."

And the web server is...?

3
0
Bronze badge

Netcraft says:-

http://amnesty.org.hk was running Apache on Linux when last queried at 11-Nov-2010 06:16:06 GMT

0
0
Boffin

Superfluous title

    11/11/10 07:44:04 Browsing http://amnesty.org.hk/
    Fetching http://amnesty.org.hk/ ...

    GET / HTTP/1.1
    Host: amnesty.org.hk
    Connection: close
    User-Agent: Sam Spade 1.14

    HTTP/1.1 302 Found
    Date: Thu, 11 Nov 2010 07:43:30 GMT
    Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.8b PHP/5.2.6
    X-Powered-By: PHP/5.2.6
    Status: 302 Redirected
    Location: http://amnesty.org.hk/html
    Content-Length: 66
    Connection: close
    Content-Type: text/html

0
0
Boffin

Web server

Well the headers say:

Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.8b PHP/5.2.6

0
0
Silver badge

Thank you everybody.

So it is Apache 2.2.9 on Unix with PHP 5.2.6. Both are not exactly new. Do we know how this was compromised? I'll scream if it was the good ol' SQL walk-in.

I am asking... because... to be honest, I think the compromising of a major site is somewhat more newsworthy than (yet another) IE exploit.

0
0
Grenade

Wow

"bombarded with a host of lethal exploits"

Lethal? Blimey.

2
0

Well, have a look...

Netcraft, he say:

Linux Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.8a DAV/2 PHP/4.4.7

...at the time of the compromise. Now updated, and secured, presumably. I trust you weren't looking for an MS IIS dig?

0
0
Anonymous Coward

Who could be behind this I wonder

Hmm, Amnesty HK, Nobel Peace Prize targeted within a very short timescale. Anyone care to speculate that a certain large country in Asia with a not very good human rights record might have something to do with it?

1
0
Gold badge

Amnesty International == "Malicious website"

Perhaps from now on the writers of the alerts (especially MS) will not say that the exploit only works if the user is coerced into visiting a malicious website.

I would not describe the Nobel Prize foundation or Amnesty International as malicious. Given that these exploits can be hosted on almost _any_ webserver, the alerts should say that they can be exploited by visiting _any_ website.

1
0

While I agree

While I agree that MS, Mozilla, et al. should try to patch up this 0day stuff a bit (well a lot) quicker, I don't agree with your reasoning here.

Of course the Nobel Peace Prize lot or Amnesty International do not have any kind of malicious intent, but they are clearly at fault for putting together yet another swiss cheese website. At a guess, they simply failed to sanitise their inputs or outputs properly, to the effect that SQL commands could be injected through the querystring, and then the site would happily render script tags back out. Of course, it may have been that the sites were more secure, and this was a "proper" hack, but if world governments can't get it right, it wouldn't surprise me if a club and a charity couldn't either.

Patching 0day holes in browsers without breaking loads of legitimate stuff is often hard, a fact often overlooked by whinging pundits. Writing a website properly is not, hence I'd blame the site operators more here.

0
0
Black Helicopters

Just out of curiosity

...which group would be the most likely to target the site of an organisation that does so much good in the world? Generic hackers? Possibly if they were complete bastards. Or perhaps governments that have come under criticism for various human rights violations...?

Dammit, the man in the black helicopter stole my tin-foil hat.

2
0
Linux

Well

Windows users are like people who accept inefficient, tyrannical regimes and go along with them.

1
1
FAIL

What?

I know everyone here loves their 'kool' Linux, *BSD, etc. but that statement is a bit over-reaching. It may be hard to believe that there are people who use the computer who just want it to work, kinda like most people (myself included) don't know the ins and outs of their vehicle. I just want it to get me to A and B.....

0
0

websploit

Well, I visited a page last week with IE8 and my virus scanner went off the chart...

The page I visited (a popular forum, safe for work and nothing illegal) managed to change a regkey, install a proxy server, and change IE8's proxy configuration..

3 instances of the program were running, all from the temp directory, and the reg key would have seen it install another bit of software had I rebooted.. There was also a bit of script added for Firefox so once it started it would have been compromised too...

I submitted the virus for online scans and a few sites said the file was fine, so some people would have been caught out..

DEP is enabled, but I can't rule out it loading as Java or Flash or something else of the ilk...

Sadly, the site I think it was doesn't seem to be installing again and I couldn't replicate it (I cleared cache and history as part of the cleaning process).

0
0
Joke

@garethfcompton

Can someone please DDoS Amnesty off line? I shan't tell Yasmin Alibhai-Brown if you don't. It would be a blessing, really.

0
0