Foodies beware!
The website of celebrity chef Jamie Oliver, which is said to receive some 10 million visitors every month, has been found serving up the unpleasant dish of malware.
The infection, first reported by security firm MalwareBytes, could have exposed many pukka grub-loving web surfers to a potential computer infection.
Talk about leaving a bad taste in your mouth…
Security researcher Jerome Segura explains on the MalwareBytes blog that the attack presented itself via an obfuscated malicious script hidden at the bottom of webpages on jamieoliver.com.
Quite how the malicious code got to be there is open to question – but hopefully the people responsible for administering Jamie Oliver’s website will ensure that they don’t stop at cleaning up the infection, but also discover the underlying problem to ensure that the site does not get compromised again.
It appears that you might have been at risk if you visited the Jamie Oliver website from a computer that was not running the latest patched versions of Adobe Flash, Silverlight and Java.
That’s because when the malicious script executes, it in turn redirects around the web before running a version of the Fiesta exploit kit.
The Fiesta exploit kit then attempts to take advantage of Adobe Flash, Silverlight and Java vulnerabilities to download and execute malware on your computer. That malware (detected by MalwareBytes as Trojan.Dorkbot.ED, but called names such as Win32/Boaxxe.BR and Trojan.Win32.Muref.cv by other vendors) hijacks your PC, and allows attackers to redirect search engine results.
Before you know it, you’re no longer properly Googling the internet – but instead being redirected to search results that help earn the attackers income through affiliate schemes.
According to MalwareBytes, you may also find yourself at risk of being duped into installing bogus security updates on your computer or fake virus warnings urging you to ring what is (claimed to be) Microsoft technical support – although you will actually be speaking to scammers eager for your credit card details.
Worryingly, Fox-IT security researcher Maarten van Dantzig tells me that the infection has been present on Jamie Oliver’s website since early December:
Jamie Oliver’s website has been redirecting to the exploit kit since the start of December 2014. So during Thanksgiving and Christmas I’m sure a lot of people looking up recipes became victims.
The advice as always is to be on your guard, and harden your defences.
Ensure that all of your computers are always running an up-to-date anti-virus program, and that you are not using a Windows account with admin privileges. Keep the likes of Adobe Flash and Java updated with the latest security patches, as online criminals love to exploit widely-used programs like these.
The sad truth is that malicious hackers love to infect popular websites with drive-by attacks like this because it guarantees them a large audience of potential victims.
Take steps to improve your computer security. It’s the yeast you can do to ensure that your defences are not half-baked, otherwise your data or finances could end up as toast.
It’s not, of course, the Naked Chef’s first computer security problem. In 2013, Jamie Oliver’s Twitter account was hijacked by (ironically) diet scammers.
A prime example as to why having Java/Flash/Silverlight (and other Adobe products) on your O.S is simply not a good idea and more often than not, completely unnecessary.
If you were using Chrome, which obviously has Flash built in, would you still be vulnerable? Presumably the fact that Chrome's built-in Flash should always be the latest version, coupled with their sandboxing feature, would make this XSS attack hard to be effective on an up-to-date browser?
I'd assume that the Fiesta Exploit Kit is using old exploits and unlikely to have any current 0-days built into it.
I hope, as a professional chef, Jamie Oliver salts his users' passwords. Nothing worse than under-seasoning.