US web pages have been compromised by SQL injection

Jul 2, 2008 14:23 GMT  ·  By

All gamers must be warned that trying to access the US Sony PlayStation web page poses a security threat. According to Sophos (company that specializes in offering anti-spam and antivirus software solutions) an SQL injection vulnerability was exploited by hackers in order to put their malicious code on the web page. Sites for popular Sony games "God of War" and "SingStar Pop" have been infected.

This is what will happen if you visit the compromised site: the malware will inform you that a virus scan is required and after pretending to scan for a while, it tells you that all sorts of viruses and trojans have been detected. You are of course provided with a link to a pretend security solution. Sophos claims that this is not an attempt to enlarge a botnet, it is a simple scam that tries to get you to part with your money. Unwary PC users are scared into thinking that they are infected and then convinced to purchase a phony security program.

Graham Cluley, senior technology consultant with Sophos comments: "There are millions of video game lovers around the world, many of whom will visit Sony's PlayStation website regularly to find out more about the latest console games. Most would never expect that surfing to a website like this could potentially infect them with malware. If users do not have sufficient protection in place then they might find that before they know it they have been scared into handing their credit card details over to a bunch of cybercriminals. It is essential that all websites, especially when they are high profile like this or receiving a large level of traffic, have been properly hardened to prevent hackers from injecting malicious code on to what should be legitimate web pages."

Sophos has already identified and classified this threat as Troj/frame-AG and Mal/Badsrc. If you are using Sophos security software, make sure you update and stay protected.