View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
February 18, 2015updated 19 Aug 2016 3:59pm

Hack on Jamie Oliver undresses Naked Chef

Malicious injection exposes visitors to ruinous virus, says Malwarebytes.

By Jimmy Nicholls

Jamie Oliver’s website has suffered a malicious injection that leads victims’ to install software capable of "wreaking havoc on the system", according to the security vendor Malwarebytes.

Compromised JavaScript code was found hidden under several layers of obfuscation, in turn making use of an exploit kit that targets web app platforms Flash, Silverlight and Java to deliver a trojan virus called Dorkbot.

Jerome Segura, senior security researcher at Malwarebytes, said: "While routinely checking the latest exploits and sites hacked, we came across a strange infection pattern that seemed to start from popular website jamieoliver.com, the official site of British chef Jamie Oliver.

"Contrary to most web-borne exploits we see lately, this one was not the result of a malicious ad (malvertising) but rather a carefully and well hidden malicious injection in the site itself."

Once installed on the system the malware is said to hijack search engine requests, redirecting users to further software downloads that can ruinously attack a system.

According to Traffic Estimate jamieoliver.com received 2.8 million visits during January, though figures from the chef’s media group claimed monthly unique visitors of 7.7 million in 2014.

The admins of the website have since been contacted by Malwarebytes informing them of the alleged problem, but have yet to respond to requests for comment from CBR.

Content from our partners
Green for go: Transforming trade in the UK
Manufacturers are switching to personalised customer experience amid fierce competition
How many ends in end-to-end service orchestration?

"The webmasters will need to look for additional evidence of infection, rather than simply restore or delete the offending script," Segura said. "Typically, stolen login credentials or a vulnerable plugin can allow an attacker to gain access to a remote server and alter it."

"When websites such as Jamie Oliver’s are compromised, both consumers and website owners are at risk," said Laurie Mercer, solutions architect at Veracode. "Users risk having their computers infected with malware and their money and identity stolen, whilst the Jamie Oliver Group risks losing customers’ trust.

"Even after the incident is addressed users will think twice before browsing that site over one of its competitors. Websites are the modern-day store front so it is vital that they are secure and protect their customers."

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU