Fish and Chip Website Battered By Malware

There is something fishy about the website of Harry Ramsden, the famous fish and chip shop, which has been haked (er, hacked) by a malicious script.

Security vendor Sophos has warned that the website of Harry Ramsden, the UK fish and chip chain, has been hacked and is hosting a piece of malicious script.

Graham Cluley, senior technology consultant at Sophos, told eWEEK Europe that Harry Ramsden’s website has been carrying the code for several days now. Cluley said the malicious script on the site, in turn, drags down another piece of malicious code from a German website.

“This often happens where a tiny bit of script is inserted into a website, which then drags down further malicious script that does more damage,” said Cluley.

“What appears to have happened is that hackers were trying to spread malware via the Harry Ramsden website, and the script was trying to pull down content from the German site,” said Cluley. “However, it looks like the infection on the Harry Ramsden website is broken, so it is not currently grabbing any malicious content.”

“It could be that the hackers themselves have screwed up, or it could be an incomplete fix or clean by Harry Ramsden,” he said. “The concern will be if the hackers were able to gain access in order to insert malicious code, then they can use that vulnerability again.”

“Harry Ramsden really needs to look at its website security,” Cluley added. He said that Sophos had checked the Harry Ramsden website on Friday afternoon, and confirmed that the site is still hosting the broken malicious code.

“It is still broken so thank heavens for that,” he said. “But the potential exists for someone to unbreak or fix the malicious code. Harry Ramsden have not done a good job of repairing it. We contacted a phone number listed on their website and were put through to a third party support department. We have explained the problem to them.”

Sophos identified Troj/Iframe-DF as infecting the Harry Ramsden website. This iframe in turn points to a hacked site in Germany, which redirects visitors to a fake Google site registered in the EU that triggers Troj/ObfJS-R.