Jamie Oliver website hacked, dishes up malware with sides

News by Doug Drinkwater

The website of celebrity chef Jamie Oliver has been hacked after cyber-criminals apparently injected malicious code onto the site.

Security researchers at Malwarebytes found the highly-obfuscated malicious script hidden towards the bottom of the webpages at jamieoliver.com, noting that this could have been a legitimate script injected with additional content or a rogue script altogether.

They say that the site was most likely compromised as a result of stolen credentials or a compromised website plug-in.

When web users visited jamieoliver.com, they would be redirected to a legitimate but compromised WordPress site where an exploit kit similar to Fiesta EK would attempt to run three exploits against Flash, Silverlight and Java on the user's machine. Users that were not fully-patched with these services would be compromised, and the hacker would then look to download the Dorkbot Trojan (also known as Win32/Boaxxe.BR and Trojan.Win32.Muref.cv), in order to hijack the PC and redirect search engine results.

This exploit kit would only be served once, and thus not to those returning visitors, while it also wouldn't target users operating VPNs.

“It all started with a compromised JavaScript hosted on jamieoliver.com. It could be a legitimate script that has been injected with additional content or a rogue script altogether,” said senior security researcher Jérôme Segura. “The webmasters will need to look for additional evidence of infection, rather than simply restore or delete the offending script.

Jamie Oliver's team are aware of the incident, and are conducting their own investigation into the matter. All malicious content has apparently been removed from the website, which is said to attract 10 million visitors per month.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews