Acting on a tip, a member of our Threat Research team (Brod) has discovered a Dalai Lama related website is compromised and is pushing new Mac malware, called Dockster, using a Java-based exploit.
Page source from gyalwarinpoche.com:
Here's a screenshot of gyalwarinpoche.com from Google's cache:
Note: Google's November 27th snapshot also includes a link to the malicious exploit (so don't visit).
The gyalwarinpoche site doesn't seem to be as "official" as dalailama.com:
The Java-based exploit uses the same vulnerability as "Flashback", CVE-2012-0507. Current versions of Mac OS X and those with their browser's Java plugin disabled should be safe from the exploit. The malware dropped, Backdoor:OSX/Dockster.A, is a basic backdoor with file download and keylogger capabilities.
This is not the first time gyalwarinpoche.com has been compromised and it certainly isn't the first time Tibetan related NGOs have been targeted. Read more here and here.
There is also an exploit, CVE-2012-4681, with a Windows-based payload: Trojan.Agent.AXMO.