Jamie Oliver's website now confirmed malware-free
Malicious exploit problem has now been fixed
Jamie Oliver's website has been confirmed as malware-free by the security researchers who discovered it was serving up a malicious exploit kit to site visitors.
The website is popular among UK visitors, and regularly receives around 10 million visits per month from internet users in search of recipe ideas and news about the celebrity chef.
The security flaw was picked up by anti-virus company Malwarebytes, who claimed to have stumbled upon it during a "routine check" for new exploits and hacked sites.
"Contrary to most web-borne exploits we see lately, this one was not the result of a malicious ad but rather a carefully and well-hidden malicious injection in the site itself," the company said in a blog post, authored by senior security researcher Jrme Segura.
This was used to re-direct site visitors to an exploit landing page, via a corrupted WordPress site, capable of launching three exploits.
The researchers said these could create problems for users with unpatched machines, as a malicious dropper could be downloaded and run with dire consequences for victims.
"One of the noticeable effects, post-infection, is search engine hijacks with unwanted redirections," the blog post continues.
"Users are [also] misled into installing fake software updates which end up wreaking havoc on the system."
Segura said the team immediately notified the site administrators of their find, and warned them simply deleting the offending script would not be enough to remedy the issue.
"The webmasters will need to look for additional evidence of infection, rather than simply restore or delete the offending script," it added.
The team behind the website has since issued a statement, confirming the "low-level malware problem" flagged by Malwarebytes has now been fixed, making the website safe-to-use.
"We have had only a handful of comments from users over the last couple of days, and no-one has reported any serious issues. We apologise to anyone who was at all worried after going on the site.
"The Jamie Oliver website is regularly checked for vulnerabilities by both our in-house team and an independent third-party and they quickly deal with anything that is found," the statement continued.
"The team is confident that no data has been compromised in this incident but if anyone is worried, do please use the contact form on the site."
BCDR buyer's guide for MSPs
How to choose a business continuity and disaster recovery solutionDownload now
The definitive guide to IT security
Protecting your MSP and your customersDownload now
Cost of a data breach report 2020
Find out what factors help mitigate breach costsDownload now
The complete guide to changing your phone system provider
Optimise your phone system for better business resultsDownload now