Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec

Compromised playstation site poses risk to surfers

Sophos : 02 July, 2008  (Technical Article)
Sony's playstation web site suffers injection attack putting visitors to the pages at risk of malware infection
Researchers at IT security and control firm Sophos are warning lovers of video games that pages on the US-based Sony PlayStation website have been compromised by hackers.

Experts at Sophos have discovered that cybercriminals have injected unauthorised code on pages promoting the PlayStation games 'SingStar Pop' and 'God of War'.

At the time of writing the hacker's code attempts to dupe web surfers by running a fake anti-virus scan and displaying a bogus message that their computer is infected with a variety of different viruses and Trojan horses. The hackers' aim is to scare unsuspecting computer users into purchasing a bogus security product. The attacks are known as SQL injections.

Sophos warns, however, that it would be trivial for the hackers who have compromised the webpages to alter the payload so that it became more malicious, and installed code designed to harvest confidential information from users, or turn innocent victims' PCs into botnets which the cybercriminals could use to launch distributed denial-of-service attacks and spread spam messages.

'There are millions of video game lovers around the world, many of whom will visit Sony's PlayStation website regularly to find out more about the latest console games. Most would never expect that surfing to a website like this could potentially infect them with malware. If users do not have sufficient protection in place then they might find that before they know it they have been scared into handing their credit card details over to a bunch of cybercriminals,' said Graham Cluley, senior technology consultant for Sophos. 'It is essential that all websites, especially high profile ones like this, have been properly hardened to prevent hackers from injecting malicious code on to what should be legitimate webpages.'

Sophos customers are automatically protected against the threats (which Sophos identifies as Troj/Iframe-AG and Mal/Badsrc), and users of other vendors' products are advised to update their software.

Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo