In another tale of web surfer beware, visitors to the web site of British celebrity chef Jamie Oliver that came looking for a pancake recipe were also served an unexpected side dish: malware.
The popular web site receives over 330,000 visitors every day, making it a good vehicle for the Shrove Tuesday-inspired attack. Part of the Catholic observation of Lent, part of the tradition for many is eating pancakes. And many, no doubt, were looking for new and interesting pancake recipes.
According to security researchers at Websense Security Labs, a direct injection compromise on the Jamie Oliver web site allowed cybercriminals to serve up malware to unsuspecting pancake enthusiasts.
“The attackers have taken advantage of a well-known celebrity chef and interest in recipes for the Pancake Day holiday to drive victims to compromise. Malware authors need only host their code on popular sites for just a brief moment to capture a large number of victims,” said Carl Leonard, principal security analyst with Websense, in a statement. “This type of compromise, when good sites go bad, underscores the necessity for users to keep their computers patched and have proper security measures in place to protect from exploitation.”
Websense contacted Jamie Oliver’s management company; the compromise is no longer present and they’re investigating the incident.
In a blog, Websense researchers explain in more detail the nature of the exploit, and what businesses like Oliver’s can do to prevent such attacks in the future.
But what about the web surfing recipe enthusiast? Clearly, going to Chapters to buy a cook book isn’t going to happen. The Internet can be a dangerous place though. To stay safe, web surfers should always ensure their operating system is up to date and patched, and that they’re running robust and updated anti-virus and anti-malware software.
And if you’re in doubt; don’t click. Just make instant pancakes.