An attacker has used a Structured Query Language (SQL) attack to add code to her website. This code then links Nigella website users to malware hosted on another website.
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
The attack has been created using the Asprox toolkit, widely distributed by hackers.
Researchers from security software firm ScanSafe first detected the attack on 14 July. Anyone who has visited the Nigella site could potentially have an infected computer, said ScanSafe.
With the malicious code, users would be silently directed from the website to a backdoor which could potentially download Trojans, password stealers and various other types of spam.
ScanSafe CEO Eldar Tuvey said, "SQL injection attacks have become the most common form of website compromise, outpacing all other types of compromise by 212%. High-profile websites such as Nigella Lawson's must realise that they are becoming an appealing target for these cyber criminals."
ScanSafe has notified the Nigella website and is liaising with it to resolve the issue.
Rival security firm Finjan has reported that it has detected 1,000 other sites infected by the Asprox toolkit.