The website of Jamie Oliver has been found to be harbouring malicious software for a second time.
Anyone visiting it using a vulnerable browser risks losing login names, passwords and other data, said researchers. Maarten van Dantzig from Fox-IT said that cyber-thieves returned to the site and planted the virus in the main part of the page.
The malicious code lurking on the site helps to install a virus on compromised machines called Dorkbot.ED and it watches what people do online and grabs copies of any login or password information. It also blocks security updates and can use victims’ machines as proxies for other web attacks.
The site first fell victim to hackers in mid-February and that breach was quickly cleaned up after administrators were told about the problem.
“We have taken measures to clear the offending code and the site is now safe to visit,” said a spokesman for the Naked Chef. “We are now running a forensic audit to find out more information.”
David Flower, managing director Bit9 + Carbon Black EMEA, said: “Recovering quickly following the discovery of any security breach is vital to safeguarding corporate reputation and avoiding long-term damage to a brand. However, this latest attack on Jamie Oliver’s site so soon after the first is a clear demonstration that unlike lightning, cyber attacks do strike twice. As such, it is not enough to just know that a breach has occurred; you need to be able to track the ‘kill chain’ of what the threat actor did in order to understand your level of risk exposure following a breach.”