Malware strikes Jamie Oliver site for second time

Just weeks after the website was deemed safe, the vulnerability returns

Naked chef Jamie Oliver's website has been exposed by malware for the second time in less than a month.

Security researchers discovered the flaw on Friday, and although it was dealt with in minutes, some claimed it had been active for up to eight days.

Site visitors using Internet Explorer without up to date plug-ins for Java and Flash were redirected to another page that installed a virus called Dorkbot.ED, which monitors activity and which can steal passwords or log-in information.

"We have taken measures to clear the offending code and the site is now safe to visit. We are now running a forensic audit to find out more information," the site's operators said in a statement.

Security experts have suggested that this second attack was related to the first one, revealing administrators of Oliver's site may not have completely removed the malware from servers when it was first discovered back in February.

Malwarebytes, the security team who uncovered the first and now the second infection, suggested this was the case in a blog post.

Jerome Segura wrote: "It is indeed quite common for a hacked server to retain malicious shells or backdoors that keep on reinfecting the site.

"This is the same infection that was not completely removed or perhaps that a vulnerability with the server software or Content Management System (CMS) still exists."

Security researcher Graham Cluley agreed, writing in a blog post: "The site's administrators clearly failed to properly find what the security issue was with the site last time, and appears to have been compromised so easily again."

Malware still living in the server software or content management system means hackers can easily reinstate the flaw.

The team behind the website said in a statement: "The team at jamieoliver.com found a low-level malware problem and dealt with it quickly. The site is now safe to use. We have had only a handful of comments from users over the last couple of days, and no-one has reported any serious issues.

"We apologise to anyone who was at all worried after going on the site. The Jamie Oliver website is regularly checked for vulnerabilities by both our in-house team and an independent third-party and they quickly deal with anything that is found.

"The team is confident that no data has been compromised in this incident but if anyone is worried, do please use the contact form on the site."

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Evaluate your order-to-cash process

15 recommended metrics to benchmark your O2C operations

Download now

AI 360: Hold, fold, or double down?

How AI can benefit your business

Download now

Getting started with Azure Red Hat OpenShift

A developer’s guide to improving application building and deployment capabilities

Download now

Recommended

SonicWall hacked via zero-day flaw in remote access tools
Security

SonicWall hacked via zero-day flaw in remote access tools

25 Jan 2021
Best ransomware removal tools
ransomware

Best ransomware removal tools

22 Jan 2021
Hackers publish over 4,000 files stolen from SEPA in ransomware attack
Security

Hackers publish over 4,000 files stolen from SEPA in ransomware attack

22 Jan 2021
Weekly threat roundup: SAP, Windows 10, Chrome
vulnerability

Weekly threat roundup: SAP, Windows 10, Chrome

21 Jan 2021

Most Popular

How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

21 Jan 2021
WhatsApp could face €50 million GDPR fine
General Data Protection Regulation (GDPR)

WhatsApp could face €50 million GDPR fine

25 Jan 2021
Trump pardons convicted ex-Google engineer Levandowski
intellectual property

Trump pardons convicted ex-Google engineer Levandowski

20 Jan 2021