Hackers hit Sony PS3 website

By

Hackers have "compromised" pages on the US Sony PlayStation website, a security firm claimed today..


Sophos said that cyber-criminals used an SQL injection vulnerability to add unauthorised code to pages promoting PlayStation games SingStar Pop and God of War.

The malware claims to undertake an antivirus scan and displays a fake message stating that the visitor's computer has been infected.

The visitor is then urged to purchase a bogus security product to clean up the 'infection'.

Sophos warned that it would be "trivial" for the hackers who have compromised the web pages to alter the payload so that it became more malicious.

They could install code designed to harvest confidential information from users, or turn innocent victims' PCs into botnet zombies.

"There are millions of video game lovers around the world, many of whom will visit Sony's PlayStation website regularly to find out more about the latest console games," said Graham Cluley, senior technology consultant at Sophos.

"Most would never expect that surfing a website like this could potentially infect them with malware.

"It is essential that all websites, especially high profile ones like this, have been properly hardened to prevent hackers from injecting malicious code into legitimate web pages."
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:
hackershitps3securitysonywebsite

Sponsored Whitepapers

Optus Enterprise Mobility
Optus Enterprise Mobility
Life After VMware: Scale Securely with mCloud by Micron21
Life After VMware: Scale Securely with mCloud by Micron21
Cut Cloud Costs Without Compromise: Discover mCloud by Micron21
Cut Cloud Costs Without Compromise: Discover mCloud by Micron21
What 4 wholesale distribution challenges aren’t going away anytime soon?
What 4 wholesale distribution challenges aren’t going away anytime soon?
State of the SOC: Building Resilience in a Shifting Threat Landscape
State of the SOC: Building Resilience in a Shifting Threat Landscape

Events

Most Read Articles

Phishing attack nets enormous npm supply chain compromise

Phishing attack nets enormous npm supply chain compromise
"VoidProxy" PhishKit targets Google and Microsoft users

"VoidProxy" PhishKit targets Google and Microsoft users
Apple adds "mercenary spyware" protection to new A19 chip

Apple adds "mercenary spyware" protection to new A19 chip
First npm worm "Shai-Hulud" released in supply chain attack

First npm worm "Shai-Hulud" released in supply chain attack
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?