Once was not pukka, twice was downright careless, but Jamie Oliver website serves up malware for the third time
The website management of celebrity chef Jamie Oliver has once again been called into question, after it was revealed it is serving up malware for the third time this year.
Visitors to the JamieOliver.com website risk being redirected to malicious software, in a similar attack to the two previous hacks of the website.
The first came in February this year, when it was revealed that the website was infected with a script that when it executed, hijacked a user’s searches and redirected to harmful websites. The attack was serious as JamieOliver.com is said to attract 10 million visits per month, and the website was unfortunately infected again in March.
The third infection at the website was revealed once again by security firm Malwarebytes. “We already reported the site serving malware twice at least, Malwarebytes wrote on a blog posting. “On both of these occasions the main site was directly affected and redirecting to the Fiesta exploit kit. This time is no different and browsing any page will trigger a malicious redirection chain to the aforementioned exploit kit.”
The malicious injection is present within any page of the site, said Malwarebytes, and the bit.ly shortened URL redirects the user a compromised website. The infection could also see a user’s passwords being stolen.
“The team in charge of Jamie Oliver’s website has acknowledged the issue and is taking steps to remediate this problem once and for all,” said Malwarebytes. “Obviously no one in charge of a website likes to see malware come back time and time again. Website malware is a different beast than Windows-based malware.”
It advised users to keep their computer up-to-date and and to surf with Anti-Exploit technology.
And this is not the first time that Jamie Oliver has experienced a computer security issue. In 2013, his Twitter account was hijacked by diet scammers.
But the fact that there has been no warning of the malware infection via Jamie Oliver’s usual media channels has infuriated at least one security expert.
“In short, the team responsible for Jamie Oliver’s website have found themselves victims again and again,” wrote Graham Cluley. “Which does, somewhat, make you question how likely it is that they’re going to properly prevent yet another re-occurrence.”
“What disturbs me is that there is no warning of the risk on the website or mention of the problem on Jamie Oliver’s Twitter account,” wrote Cluley. “I mean, if you want to be sure that Jamie Oliver fans know that their Windows computers might have been infected, you don’t just hope that they read a security vendor’s blog or happen upon a BBC News report, do you?”
“My conclusion has to be that he simply doesn’t care,” said Cluley. “And if he doesn’t care, why do you imagine that efforts will be made to prevent it from happening again?
The website admin team did however respond to some media outlets about the compromise.
“We’ve implemented daily.. malware detection scans, also an industry leading web application firewall to protect against all common security attacks.. which has been blocking numerous hacking attempts,” a spokesperson for the website told the BBC.
“We’re working with a number of security companies to find the issue once and for all,” the spokesperson added. “We’re also running daily manual checks which have detected and cleaned a number of threats although it’s important to note that we have had no reports from any users that have been put at risk.”
Are you a security pro? Try our quiz!