March 2015 2
The website of Jamie Oliver has been found to be harbouring malicious software for a second time.
Two security companies have independently found evidence that hackers put malicious code on the site.
Anyone visiting using a vulnerable browser risks losing login names, passwords and other data, said the security firms.
A spokesman for Jamie Oliver confirmed the site had been hit and said it had now cleaned it up.
“We have taken measures to clear the offending code and the site is now safe to visit,” said the spokesman. “We are now running a forensic audit to find out more information.”
The site first fell victim to hackers in mid-February and that breach was quickly cleaned up after administrators were told about the problem.
However, said Maarten van Dantzig from Fox-IT, cyber-thieves have returned to the site and planted the virus in the main part of the page.
“We are wondering if it has been compromised in other ways,” he said.
Anyone visiting the site using the Internet Explorer browser that did not have up-to-date plug-ins for Java and Flash would be infected, he said.
The malicious code lurking on the site helps to install a virus on compromised machines called Dorkbot.ED and it watches what people do online and grabs copies of any login or password information. It also blocks security updates and can use victims’ machines as proxies for other web attacks.
The Jamie Oliver website is visited by about 10 million people per month. Mr van Dantzig said a high-traffic site like this was a “goldmine” for cyber-thieves.
Jerome Segura from Malwarebytes said the second infection was similar to the first one seen on the site.
“This leads us to believe this is the same infection that was not completely removed or perhaps that a vulnerability with the server software or Content Management System still exists,” he said.
He said it was “quite common” for servers that have been hacked once to retain vestiges of the infection that attackers can use to keep re-infecting a site.
Mr van Dantzig said his company spotted the infection via security monitoring systems it runs for several large Dutch companies. It traced the source of one infection back to the cooking website and found other records which suggest the malware had been present since 5 March.
The BBC will be giving away mini-computers to 11-year-olds across the country as part of its push to make the UK more digital.
One million Micro Bits – a stripped-down computer similar to a Raspberry Pi – will be given to all pupils starting secondary school in the autumn term.
The BBC is also launching a season of coding-based programmes and activities.
It will include a new drama based on Grand Theft Auto and a documentary on Bletchley Park.
The initiative is part of a wider push to increase digital skills among young people and help to fill the digital skills gap.
The UK is facing a significant skills shortage, with 1.4 million “digital professionals” estimated to be needed over the next five years.
The BBC is joining a range of organisations including Microsoft, BT, Google, Code Club, TeenTech and Young Rewired State to address the shortfall.
At the launch of the Make it Digital initiative in London, director-general Tony Hall explained why the BBC was getting involved.