Exploits greeting users at foreign policy, human rights sites

Cyber espionage malware writers are taking advantage of two recently publicized vulnerabilities -- one in Java and the other in Flash -- to hit unsuspecting visitors to human rights, military research and foreign government sites with drive-by exploits.

As of Monday, Amnesty International Hong Kong, the U.S.-based Center for Defense Information and the Cambodian Ministry of Foreign Affairs were still serving malware, according to a Tuesday blog post from the nonprofit Shadowserver Foundation and written by researchers Steven Adair and Ned Moran.

The adversaries are alternating between foisting fresh exploits that take advantage an Adobe Flash bug, for which an emergency patch was issued May 4, and an Oracle Java hole, plugged in February. The Center for Defense Information, founded in 1972, has been compromised to point users to the Flash exploit.

"Visiting these websites can initiate a chain reaction in which malicious code is loaded from multiple websites and results in a system compromise for vulnerable systems without other mitigating factors," the post said. In other words, users don't have to take any action for their machines to become compromised.

The Israel-based International Institute for Counter-Terrorism and Institute for National Security Studies, in addition to the Brussels, Belgium-based Centre for European Policy Studies also have been infected with malicious IFRAMEs and JavaScript.

"In recent months we have continued to observe 0-day vulnerabilities emerging following discovery of their use in the wild to conduct cyber espionage attacks," the post said. "Frequently by the time a patch is released for the vulnerabilities, the exploit has already been the wild for multiple weeks or months -- giving the attackers a very large leg up. Individuals and organizations must keep their software patched and updated as frequently as possible."

This article originally appeared at scmagazineus.com