Threat has poor antivirus detection on VirusTotal

Mar 13, 2015 15:56 GMT

The website of celebrity chef Jamie Oliver is once again delivering malware to its visitors, but this time the piece is digitally signed.

Back in February, security researchers at Malwarebytes discovered that landing on the famous repository of recipes and culinary pieces of advice could turn a foodie into a drive-by attack victim.

The problem was solved at the time, but it looks like the website did not benefit from a complete scrub and cybercriminals either managed to whisk in a new threat or kept a malicious shell or backdoor and re-infected it.

Hackers may leverage a security flaw in the web server or a glitch in the content management system (CMS) used for administering the website, which in this case is Concrete5. Plug-ins can also be an attack vector.

Fiesta EK is again used to sprinkle malware

Jerome Segura of Malwarebytes found that the location is once again compromised, and the malicious code has the same structure as in the previous attack. Another similarity is that the redirect leads to the Fiesta exploit kit, the same attack tool used before.

However, this time the hackers stirred the poisonous strings in the comScore tag, which allows the admin to check the total number of page views.

Another difference compared to the previous compromise is that Fiesta delivers a piece of malware that is digitally signed. The signature has been issued by Comodo for software development company Just Great Software.

The malicious software is ignored by most antivirus engines on VirusTotal; Malwarebytes and ESET’s NOD32 are the only ones offering detection for it at the moment (Trojan.Dorkbot.ED and Win32/Boaxxe.CV, respectively).

Keeping all software running on the website up-to-date and conducting regular security checks helps ensure that the web pages remain clean of malicious code that could endanger visitors.

On the other hand, users should install security solutions on their computers and apply all updates provided by the vendor.

Digital signature for the malware is no longer valid