Someone must really hate Jamie Olliver’s cooking, as his website has been hacked for the third time this year alone.
The same as in the previous two times it’s been hacked, the WordPress site is serving up a password stealer. The issue was spotted by Malwarebytes, thanking programmer @hasherezade for the tip.
Malwarebytes says the exploit kit looks similar to Gootkit, and it has been, in the meantime, taken care of.
The malware was served by a bit.ly shortened link that redirected to the Fiesta exploit kit. This had been injected into all pages in the site. Fiesta then tried to infect the visitor with a Flash exploit, a Java exploit, and two payloads.
“Vulnerable systems will receive this dual payload which performs some fancy PowerShell footwork to lodge itself inside the registry,” the post says.
What Malwarebytes seems to also be pointing at is the fact that this is not the first time Oliver’s site was injected with malicious code and offers the webmasters, fairly tentatively, a text on how to keep a website safe, with the focus on the cause, and not the symptoms.
“The problem is that often times people will get rid of the obvious signs (the symptoms), for example in this case the bit.ly injection but not what caused it in the first place,” it says
Jamie Oliver’s site was hacked in a similar fashion twice this year, first in February, then March. Whoever has a ‘beef’ with Jamie Oliver must have taken April off.
His website currently ranks 548 in the UK.
UPDATE: David Emm, Principal Security Researcher at Kaspersky Lab, has commented: "The news that Jamie Oliver’s website has been hacked yet again is an example of cybercriminals being persistent in exploiting a weakness, so it’s even more important for consumers to not only install, but carry on using protection.
"It is imperative that individuals don’t take a lax approach to cybersecurity, as the cyber landscape continues to advance as do the threats that come with it. Consumers must be consistently on the ball and develop a “security mind-set” as opposed to a one-off approach to install security measures and then forget about them.
"Once again, this the is yet another reminder of how careful everyone needs to be when using the Internet, many people have potentially been exposed to malicious software by simply clicking on something that looks legitimate. The trouble is, to the untrained eye, it can be nearly impossible to tell what’s legitimate and what’s not, no matter how aware people think they are.
"This incident highlights the need for everyone to install comprehensive Internet security software that will protect them wherever they go on the Internet, because even legitimate and trusted web sites, such as this one, can be compromised if attackers find a way to implant their code and redirect people to an infected website.
"It’s also another reminder that cybercriminals are not only after information from large organisations, they also chase information from consumers."