Wednesday, 18 February 2015

Vulnerability: "Website Chef Jamie Oliver Spreading Malware"

Attackers have managed to hack the website of the British chef Jamie Oliver and provide malicious code that attempts to infect visitors with malware. Researchers at anti-virus company Malwarebytes found on the website that visitors JavaScript invisible sends to a exploitkit on another hacked website. This makes exploitkit abuse leaks in Flash Player, Silverlight and Java.

These are vulnerabilities where all updates to be available. Users who are up-to-date are therefore not at risk. In case users are not up-to-date, it will install a Trojan horse, which is recognized by few virus scanners on VirusTotal. "Unlike most web exploits that we have seen recently, this is not the result of contaminated ads, but a well-hidden injection at the site itself,"says analyst Jerome Segura. He notes that the problem lies in the compromised JavaScript on the website.

It may be possible to go a legitimate script adapted or an entirely malicious script. The webmaster will also receive the advice to look for other signs of infection, then just remove the script in question or modify. "Usually the stolen credentials or a vulnerable plug-in allowing an attacker gets access to a server," said Segura. Oliver's website is on the 536ste place of most visited websites in Britain and would attract 10 million visitors each month.


No comments:

Post a Comment