According to a blog post by anti-virus vendor Websense, of all places, the web site of Amnesty International has apparently been infecting visitors with malicious software, including an exploit for the still unpatched hole in Internet Explorer. According to the report, criminals manipulated the web site to put the exploit in an iFrame. Political sites are apparently in fashion among criminals at the moment. Just two weeks ago, still unidentified parties placed a zero-day exploit for Firefox on the web site for the Nobel Peace Prize.

The new attacks confirm observations of the exploit in commercial packages sold to criminals – which means attacks will probably soon become more frequent. Exploit packs fire on visitors to manipulated web sites from different directions to increase the success rate of infection attempts. In addition to the exploit for Internet Explorer, the AI site also contained modules for holes in QuickTime, Flash, and Shockwave.

Microsoft is still working on a patch but has not yet said whether there will be an emergency patch before the next Patch Tuesday. Until then, Microsoft recommends enabling Data Execution Prevention (DEP) for Internet Explorer on Windows 7, Vista and XP. In Internet Explorer 8, DEP is already enabled by default.

To activate DEP in Internet Explorer 7, Microsoft offers an online Fix-it tool. Another Fix-it tool switches on user-defined CSS to send attacks down a dead end. Furthermore, DEP and other protective mechanisms can be activated via the Enhanced Mediation Experience Toolkit (EMET) on Windows. The article "Damage limitation - Mitigating exploits with Microsoft's EMET " at The H Security explains how the tool works and how to use it.

(crve)