Jamie Oliver doesn't care that he gave you malware

Well, here's news that will surprise absolutely no-one.

Chirpy cockney chef Jamie Oliver has been found spreading malware yet again after his website suffered yet another compromise.


According to researchers at MalwareBytes, the popular site was serving up a password-stealing payload alongside its pasta pesto.

That would be bad news in itself, but the fact is that Jamie Oliver's website was also found to have been compromised with malware in March and between December last year and February.

In short, the team responsible for Jamie Oliver's website have found themselves victims again and again. Which does, somewhat, make you question how likely it is that they're going to properly prevent yet another reoccurrence.

On each occasion, it is innocent internet users who are put at risk - and may find that their passwords have been stolen simply because they visited Jamie Oliver's website for a tasty recipe.

Which can hardly be good for Jamie Oliver's multi-million dollar brand.

According to MalwareBytes, the threat is the same as the previous incidents. Browsing any page on Jamie Oliver's website can lead to the Fiesta exploit kit being executed from a third-party website via a single line of code.

Compromised website code
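For site owners, one way to catch an injected line like this is to list the hosts each page pulls active content from and flag any that are not expected, paying most attention to ones that appear on every page. This is an added example, not code from the original post or from MalwareBytes; the allowlist, the host names and the sample pages are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allowlist: hosts this hypothetical site is meant to load active content from.
ALLOWED_HOSTS = {"www.recipes.example", "cdn.recipes.example"}
# Elements that make a visitor's browser fetch remote active content,
# mapped to the attribute that holds the URL.
WATCHED = {"script": "src", "iframe": "src", "embed": "src", "object": "data"}

class SourceCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        url = dict(attrs).get(WATCHED.get(tag, ""))
        if url:
            # Relative URLs have no hostname (same origin) and are skipped;
            # protocol-relative "//host/x.js" still parses with a hostname.
            host = urlparse(url).hostname
            if host:
                self.hosts.add(host)

def foreign_hosts(html):
    """Hosts referenced by active content on one page that are not allowlisted."""
    collector = SourceCollector()
    collector.feed(html)
    return collector.hosts - ALLOWED_HOSTS

def audit(pages):
    """Split foreign hosts into those on every page and those on only some pages."""
    per_page = {path: foreign_hosts(html) for path, html in pages.items()}
    site_wide = set.intersection(*per_page.values()) if per_page else set()
    page_specific = {p: h - site_wide for p, h in per_page.items() if h - site_wide}
    return site_wide, page_specific

# Constructed sample pages; nothing here is taken from the real site.
INJECTED = '<script src="//unexpected-host.example/a.js"></script>'
PAGES = {
    "/": '<script src="/js/app.js"></script>' + INJECTED,
    "/recipes/pesto": '<script src="https://cdn.recipes.example/lib.js"></script>' + INJECTED,
    "/videos": '<iframe src="https://player.partner.example/v/1"></iframe>' + INJECTED,
}

if __name__ == "__main__":
    site_wide, page_specific = audit(PAGES)
    print("On every page (check shared templates first):", sorted(site_wide))
    print("On some pages only:", page_specific)
```

A host that turns up on every page usually means a shared template, include or plugin was modified, which is also where a reinfection tends to reappear if only the visible line is removed.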

MalwareBytes says it has told Jamie Oliver's team about the problem - one would imagine that they're on first name terms by now - but what disturbs me is that there is no warning of the risk on the website or mention of the problem on Jamie Oliver's Twitter account.

I mean, if you want to be sure that Jamie Oliver fans know that their Windows computers might have been infected, you don't just hope that they read a security vendor's blog or happen upon a BBC News report, do you?

If you go to Jamie Oliver's website (careful folks... who knows when it will next be infected?) then you'll discover that it apparently found no space to mention the malware attack.

No room to mention malware on Jamie Oliver's website

And the same is true on Jamie's Twitter account, a perfect platform for informing over four million fans of the risk.

My conclusion has to be that he simply doesn't care.

And if he doesn't care, why do you imagine that efforts will be made to prevent it from happening again?

Further reading for Jamie Oliver's IT team: Why does my site keep getting hacked/reinfected?


3 Responses

  1. Phil

    May 13, 2015 at 12:06 pm #

    He's really not a cockney. 'Chirpy' I'll give you…

    • Graham Cluley in reply to Phil.

      May 13, 2015 at 5:14 pm #

      Maybe mockney would have been more accurate. Lovely jubbly

  2. Coyote

    May 13, 2015 at 7:23 pm #

    "In short, the team responsible for Jamie Oliver's website have found themselves victims again and again."
    I disagree – the victims are those unsuspecting visitors to their website. Oliver's IT department, however, is irresponsible and negligent. Yes, it can happen. But the fact they're not notifying anyone, the fact they're going through this repeatedly means it is more than just a mistake – it is negligence.

    "My conclusion has to be that he simply doesn't care."
    Indeed. He doesn't. That is quite clear. Shameful too, because of the implications of malware.

    "And if he doesn't care, why do you imagine that efforts will be made to prevent it from happening again?"

    A better question is WHEN will it happen again. It is interesting to note that two very different extremes lead to the same issue:

    1. Person does something foolish and then uses the unimaginative, always old remark about it not being them but someone broke in to their account (i.e. not accepting that they could have done things better [and in most – I'm inclined to say all – cases this includes not accepting their poor decisions to do/say whatever it is that was done]). It is a default excuse that takes all the blame and puts it elsewhere (and yet those who do have an account compromised are more likely to accept it and learn from it, with the exception of 2, below, and perhaps similar attitude). I.e. they're irresponsible.
    2. Outright ignoring risks. I.e. they're irresponsible.

    Yet both are the same thing if you think a bit more: they don't seem all that concerned with their actions (or lack thereof); they only (sometimes) care about their reputation. 2 seems more serious to me because 1 is a poor decision, something they realise they shouldn't have done (but are too afraid to admit to it or face the consequences publicly), but ignoring things such as Jamie Oliver does is not even accepting it in the first place.
