Jamie Oliver's website now confirmed malware-free

News
By
published

Malicious exploit problem has now been fixed

Security flaw

Jamie Oliver's website has been confirmed as malware-free by the security researchers who discovered it was serving up a malicious exploit kit to site visitors.

The website is popular among UK visitors, and regularly receives around 10 million visits per month from internet users in search of recipe ideas and news about the celebrity chef.

The security flaw was picked up by anti-virus company Malwarebytes, who claimed to have stumbled upon it during a "routine check" for new exploits and hacked sites.

"Contrary to most web-borne exploits we see lately, this one was not the result of a malicious ad but rather a carefully and well-hidden malicious injection in the site itself," the company said in a blog post, authored by senior security researcher Jrme Segura.

This was used to re-direct site visitors to an exploit landing page, via a corrupted WordPress site, capable of launching three exploits.

The researchers said these could create problems for users with unpatched machines, as a malicious dropper could be downloaded and run with dire consequences for victims.

"One of the noticeable effects, post-infection, is search engine hijacks with unwanted redirections," the blog post continues.

"Users are [also] misled into installing fake software updates which end up wreaking havoc on the system."

Segura said the team immediately notified the site administrators of their find, and warned them simply deleting the offending script would not be enough to remedy the issue.

"The webmasters will need to look for additional evidence of infection, rather than simply restore or delete the offending script," it added.

The team behind the website has since issued a statement, confirming the "low-level malware problem" flagged by Malwarebytes has now been fixed, making the website safe-to-use.

"We have had only a handful of comments from users over the last couple of days, and no-one has reported any serious issues. We apologise to anyone who was at all worried after going on the site.

"The Jamie Oliver website is regularly checked for vulnerabilities by both our in-house team and an independent third-party and they quickly deal with anything that is found," the statement continued.

"The team is confident that no data has been compromised in this incident but if anyone is worried, do please use the contact form on the site."

Caroline Donnelly
Caroline Donnelly is the news and analysis editor of IT Pro and its sister site Cloud Pro, and covers general news, as well as the storage, security, public sector, cloud and Microsoft beats. Caroline has been a member of the IT Pro/Cloud Pro team since March 2012, and has previously worked as a reporter at several B2B publications, including UK channel magazine CRN, and as features writer for local weekly newspaper, The Slough and Windsor Observer. She studied Medical Biochemistry at the University of Leicester and completed a Postgraduate Diploma in Magazine Journalism at PMA Training in 2006.