The official website of Jamie Oliver has left a bad taste in the mouth after it was discovered to be serving up an unappetising dish of malware.
The malicious malware could have infected millions of the British celebrity chef’s fans’ computers, security analysts warned.
The discovery was made by security firm MalwareBytes, and is potentially very serious as Oliver’s website is said to attract 10 million visits per month.
“Contrary to most web-borne exploits we see lately, this one was not the result of a malicious ad (malvertising) but rather a carefully and well hidden malicious injection in the site itself,” blogged security researcher Jerome Segura. He explained that the attack presented itself via an obfuscated malicious script hidden on jamieoliver.com at the bottom of webpages.
“It all started with a compromised JavaScript hosted on jamieoliver[dot]com,” blogged Segura. “It could be a legitimate script that has been injected with additional content or a rogue script altogether.”
The webmasters will need to look for additional evidence of infection, rather than simply restore or delete the offending script,” he warned. “Typically, stolen login credentials or a vulnerable plugin can allow an attacker to gain access to a remote server and alter it.”
The jamieoliver[dot]com website administrators have been contacted, but have yet to respond.
“Seeking the perfect pancake mix on Shrove Tuesday could have led you to your favourite celebrity chef for the perfect batter recipe,” said Carl Leonard, principal security analyst at Websense.
“Malware authors want to dish up more than unsuspecting victims bargained for, and only host their code on these popular sites for just a brief moment to capture a large footfall,” said Leonard. “The code can come back at any moment if webmasters are not prepared.”
“If end users are browsing to such sites, companies need to ensure they have the perfect recipe for detection of known malware and exploits kits, combined with real-time analysis of outliers; ensuring that threats hosted on the far-reaching corners of the web are stopped in their tracks,” he added.
This is not the first time that Jamie Oliver has experienced a computer security issue. In 2013, his Twitter account was hijacked by diet scammers.
Celebrities are prime targets for the hacker community. Late last month for example, the Twitter and Instagram accounts of pop starlet Taylor Swift was hacked by the infamous hacker group Lizard Squad.
Last year, the FBI investigated the leaking of nude photos of 17 female celebrities, including snaps of Coronation Street sex symbol Michelle Keegan, Hunger Games actress Jennifer Lawrence, Spider-Man star Kirsten Dunst and pop star Ariana Grande.
Are you a security pro? Try our quiz!
Tesla shareholders to be asked to reinstate Elon Musk's $56 billion pay package, days after…
Catching WhatsApp? Billionaire founder of Telegram claims encrypted platform will reach one billion users within…
Good news for Mark Zuckerberg as judge dismisses some claims in dozens of lawsuits alleging…
Consequences of Assembly Bill 886. Google begins removing California news websites from some search results
CEO Tim Cook during visit to Jakarta says Apple will look into building a manufacturing…
Introduction of digital services tax on tech firms will begin in 2024 Canadian government confirms,…