Jamie Oliver Website Serves Up Malicious Malware

The official website of Jamie Oliver has left a bad taste in the mouth after it was discovered to be serving up an unappetising dish of malware.

The malicious malware could have infected millions of the British celebrity chef’s fans’ computers, security analysts warned.

Malicious Script

The discovery was made by security firm MalwareBytes, and is potentially very serious as Oliver’s website is said to attract 10 million visits per month.

“Contrary to most web-borne exploits we see lately, this one was not the result of a malicious ad (malvertising) but rather a carefully and well hidden malicious injection in the site itself,” blogged security researcher Jerome Segura. He explained that the attack presented itself via an obfuscated malicious script hidden on jamieoliver.com at the bottom of webpages.

This malicious script could have comprised visitor’s PCs that were not running the latest patched versions of Adobe Flash, Silverlight and Java. When the script executes, a user’s searches are hijacked and redirected to harmful websites.

“It all started with a compromised JavaScript hosted on jamieoliver[dot]com,” blogged Segura. “It could be a legitimate script that has been injected with additional content or a rogue script altogether.”

The webmasters will need to look for additional evidence of infection, rather than simply restore or delete the offending script,” he warned. “Typically, stolen login credentials or a vulnerable plugin can allow an attacker to gain access to a remote server and alter it.”

The jamieoliver[dot]com website administrators have been contacted, but have yet to respond.

“Seeking the perfect pancake mix on Shrove Tuesday could have led you to your favourite celebrity chef for the perfect batter recipe,” said Carl Leonard, principal security analyst at Websense.

“Malware authors want to dish up more than unsuspecting victims bargained for, and only host their code on these popular sites for just a brief moment to capture a large footfall,” said Leonard. “The code can come back at any moment if webmasters are not prepared.”

“If end users are browsing to such sites, companies need to ensure they have the perfect recipe for detection of known malware and exploits kits, combined with real-time analysis of outliers; ensuring that threats hosted on the far-reaching corners of the web are stopped in their tracks,” he added.

Risky Celebrities

This is not the first time that Jamie Oliver has experienced a computer security issue. In 2013, his Twitter account was hijacked by diet scammers.

Celebrities are prime targets for the hacker community. Late last month for example, the Twitter and Instagram accounts of pop starlet Taylor Swift was hacked by the infamous hacker group Lizard Squad.

Last year, the FBI investigated the leaking of nude photos of 17 female celebrities, including snaps of Coronation Street sex symbol Michelle Keegan, Hunger Games actress Jennifer Lawrence, Spider-Man star Kirsten Dunst and pop star Ariana Grande.

Are you a security pro? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Norway Hit By DDoS Cyber Attacks From Pro Russian Group

Norwegian national security agency warns pro-Russian group has targetted private and public institutions in Norway…

2 hours ago

Google Tells Staff They Can Relocate After Roe v Wade Ending

After US Supreme Court last week removed women's reproduction rights, Google tells staff they can…

2 hours ago

Taiwan Developing Own Digital Currency – Report

Central bank of Taiwan confirms it is still working on its digital currency, but has…

4 hours ago

Tesla Cuts 200 Autopilot Jobs, Closes San Mateo Office – Report

More restructuring at Tesla with hundreds of bob losses and California office closure, where staff…

6 hours ago

US FCC Commissioner Urges Apple, Google To Remove TikTok

Fresh worry for TikTok, after FCC Commissioner writes to Apple and Google about removing the…

6 hours ago

Airbnb Permanently Bans Parties, With Few Exceptions

Victory for irate neighbours? Airbnb confirms its temporary Covid ban on parties in its listings…

7 hours ago