As I always tell my customers, you can get a virus from any site. This one is a nice cross platform attack using Java. Whenever you see that little bubble telling you Java needs an update do it.:
‘Tis the season for giving. And anybody visiting Amnesty International’s UK website could currently end up with the gift of a keylogger courtesy a Java exploit. Brian Krebs has written about it on his blog: Krebs on Security.
Amnesty’s UK site was hacked to include an iframe linking to a Brazilian server, which hosts a CVE-2011-3544 based Java Exploit.
Our browsing protection is now blocking Amnesty’s site. We’ve been blocking the .br site for several days already. We detect, and there’s fairly good AV industry coverage on, both the Java exploit and the trojan it drops.
Read the full details from Krebs, linked above. And stay safe.”
I almost at the point where I’m going to recommend clients unistall Java.