CyberCrimeSecuritySecurity Management

Jamie Oliver Website Serves Up Malicious Malware

Tom Jowitt is a leading British tech freelance and long standing contributor to TechWeek Europe

That’s not so pukka then, as Jamie Oliver’s website falls victim to cyber hackers

The official website of Jamie Oliver has left a bad taste in the mouth after it was discovered to be serving up an unappetising dish of malware.

The malicious malware could have infected millions of the British celebrity chef’s fans’ computers, security analysts warned.

Malicious Script

The discovery was made by security firm MalwareBytes, and is potentially very serious as Oliver’s website is said to attract 10 million visits per month.

“Contrary to most web-borne exploits we see lately, this one was not the result of a malicious ad (malvertising) but rather a carefully and well hidden malicious injection in the site itself,” blogged security researcher Jerome Segura. He explained that the attack presented itself via an obfuscated malicious script hidden on at the bottom of webpages.

Malware - Fotolia: skull button © alekup #34457353This malicious script could have comprised visitor’s PCs that were not running the latest patched versions of Adobe Flash, Silverlight and Java. When the script executes, a user’s searches are hijacked and redirected to harmful websites.

“It all started with a compromised JavaScript hosted on jamieoliver[dot]com,” blogged Segura. “It could be a legitimate script that has been injected with additional content or a rogue script altogether.”

The webmasters will need to look for additional evidence of infection, rather than simply restore or delete the offending script,” he warned. “Typically, stolen login credentials or a vulnerable plugin can allow an attacker to gain access to a remote server and alter it.”

The jamieoliver[dot]com website administrators have been contacted, but have yet to respond.

“Seeking the perfect pancake mix on Shrove Tuesday could have led you to your favourite celebrity chef for the perfect batter recipe,” said Carl Leonard, principal security analyst at Websense.

“Malware authors want to dish up more than unsuspecting victims bargained for, and only host their code on these popular sites for just a brief moment to capture a large footfall,” said Leonard. “The code can come back at any moment if webmasters are not prepared.”

“If end users are browsing to such sites, companies need to ensure they have the perfect recipe for detection of known malware and exploits kits, combined with real-time analysis of outliers; ensuring that threats hosted on the far-reaching corners of the web are stopped in their tracks,” he added.

Risky Celebrities

This is not the first time that Jamie Oliver has experienced a computer security issue. In 2013, his Twitter account was hijacked by diet scammers.

Celebrities are prime targets for the hacker community. Late last month for example, the Twitter and Instagram accounts of pop starlet Taylor Swift was hacked by the infamous hacker group Lizard Squad.

Last year, the FBI investigated the leaking of nude photos of 17 female celebrities, including snaps of Coronation Street sex symbol Michelle Keegan, Hunger Games actress Jennifer Lawrence, Spider-Man star Kirsten Dunst and pop star Ariana Grande.

Are you a security pro? Try our quiz!