Amnesty UK website hacked to serve lethal Gh0st RAT Trojan

12.05.2012
Amnesty International's UK website was hacked to host the dangerous Gh0st RAT Trojan for two days this week, security firm Websense has revealed.

The attack targeted browsers unpatched against the common Java vulnerability (also used ). Between 8 and 9 May, visitors would have been at risk of downloading a Windows executable hiding behind a valid VeriSign-issued digital certificate.

Anyone clicking OK to this install trick would have become infected with Gh0st RAT, a potent backdoor Trojan used to cull passwords, files and just about anything else the attacker wants to take from the infected system.

The injected web code was removed after Websense alerted Amnesty to the issue.

The attack bears all the hallmarks of a series of attacks that appear to be targeting pro-Tibet organisations and sympathisers, most likely by a group connected to China.

In March, Gh0st RAT was part of the 'ByShe' attack using a malicious Word attachment. That attack also exploited a VeriSign-issued digital certificate, on that occasion one that had been revoked.