The certificate used in the latest Amnesty attack was issued to a Chinese Shenzen-based company, while Gh0st RAT itself is associated with the active Chinese GhostNet hacking group.

"Exploit kits zoom in on vulnerable websites, even ones with good intentions," said Websense Security Labs senior manager, Carl Leonard. "This compromise is more serious than your average. With a low AV detection rate, Gh0st RAT is a powerful tool that allows backdoor access into infected machines."

Last week Websense reported that the National Security Studies (INSS) website had been compromised using the same Java vulnerability , a relative of Gh0st RAT with the same data-stealing design.

The lesson, as always, is not to install anything unexpected, closing a browser process manually if presented with a Windows User Account Control message that seems suspicious.

Browsers should always be carefully patched, including plug-ins for commonly-targeted software such as Java and Flash.