Whistleblowing platform used to spread malware
In this case, Black Hole appears to have been configured only to attack Internet Explorer. A log file containing around 2,900 IP addresses was found on the server and may offer some indication of the number of systems infected.
It is not clear how the attackers were able to penetrate the server. The cryptome.org team has published a harmless extract of the malicious code and is asking for assistance in analysing it. Some initial thoughts have already been received. One user has suggested that the attacker may have used the WebDAV interface to modify the HTML files.
The cryptome.org team is currently busy disinfecting the affected files, around 80% of which are now back online.