Three weeks ago we reported on how celebrity chef Jamie Oliver’s website was serving up malware. The site, www.jamieoliver.com, has around 10 million visitors a month, so the fact it had been hacked to redirect people to an exploit kit was a big deal.
Naturally, Jamie Oliver’s management team acted swiftly to fix things. Except that, according to Malwarebytes, which discovered the original problem, the site is now dishing up digitally signed malware.
After the original issue was reported, and supposedly dealt with, Oliver’s management team put out a public statement:
"The team at jamieoliver.com found a low-level malware problem and dealt with it quickly. The site is now safe to use. We have had only a handful of comments from users over the last couple of days, and no-one has reported any serious issues. We apologize to anyone who was at all worried after going on the site. The Jamie Oliver website is regularly checked for vulnerabilities by both our in-house team and an independent third-party and they quickly deal with anything that is found. The team is confident that no data has been compromised in this incident but if anyone is worried, do please use the contact form on the site."
While it’s fine, understandable even, for the site to play down the issues, not fully dealing with the problem, which is what Malwarebytes suspects has happened here, is inexcusable.
"It is indeed quite common for a hacked server to retain malicious shells or backdoors that keep on reinfecting the site", Malwarebytes senior security researcher Jérôme Segura explains, adding that there’s every reason to believe that it is "the same infection that was not completely removed or perhaps that a vulnerability with the server software or Content Management System (CMS) still exists".
Vulnerable systems are infected with a Trojan that Malwarebytes Anti-Malware detects as Trojan.Dorkbot.ED.