Three weeks ago we reported on how celebrity chef Jamie Oliver’s website was serving up malware. The site, www.jamieoliver.com, has around 10 million visitors a month, so the fact it had been hacked to redirect people to an exploit kit was a big deal.
Naturally, Jamie Oliver’s management team acted swiftly to fix things, except according to Malwarebytes, which discovered the original problem, the site is now dishing up digitally signed malware.
After the original issue was reported, and supposedly dealt with, Oliver’s management team put out a public statement:
While it’s fine, understandable even, for the site to play down the issues, not fully dealing with the problem, which is what Malwarebytes suspects has happened here, is inexcusable.
"It is indeed quite common for a hacked server to retain malicious shells or backdoors that keep on reinfecting the site", Malwarebytes senior security researcher Jérôme Segura explains, adding that there’s every reason to believe that it is "the same infection that was not completely removed or perhaps that a vulnerability with the server software or Content Management System (CMS) still exists".
Vulnerable systems are infected with a Trojan that Malwarebytes Anti-Malware detects as Trojan.Dorkbot.ED.