Researchers at Sophos Labs, who first detected the attack, said in a blog posting that the purpose of the attack appeared to be an attempt to lure users into installing fake anti-virus software.
Once a user logged onto the affected PlayStation site, a malicious script was automatically released, which pretended to do an online security scan of the user's computer. Users then saw a bogus message, warning them that their PC was infected with numerous pieces of malware, and ocmpelling them to spend money on the useless software.
"The fact that the Sony PlayStation site has been attacked in this way suggests that someone with malicious intent could place other harmful malware there -- a worrying thought when you consider the number of consumers interested in video gaming," the blog post said.
The attack is similar to a spate of SQL attacks that researchers have seen in recent weeks. Earlier this week, hackers launched an attack on numerous domains that attempted to load a fake antivirus install site and then pretended to conduct an online scan followed by a bogus warning message alerting users to the possibility of various malware on their systems.
Users were then encouraged to download and run the executable installer.exe, which researchers detected as Mal/Packer. However, instead of a virus scanner, the user was actually downloading malicious files, all of which occupied the domains of Troj/Iframe-AG.
Sophos researchers noted that the attack was addressed and the site was clean as of July 3. Sony did not immediately respond to requests for communication from CRN.
The hack follows shortly after the release of Sony's much anticipated 2.40 firmware update for its PS3 on July 2, which was recalled just hours later after the company received numerous complaints that the updated system locked gamers' consoles.
Researchers say that cyber attackers often use high profile media events or well-trafficked sites as a vehicle to distribute malware to thousands or even millions of individuals for financial gain.
However, Sophos security experts maintain that the Sony PlayStation site was not specifically targeted, but just happened to be one of the many sites hit in the massive SQL injection attack.
Others similarly affected by the same attack include Web pages from a South African flooring comany, a Canadian pond supply comany, a liquor store in Massachusetts, and Brazilian and Chinese Government sites.
- Juniper Honors 12 Americas Partners
- Facebook And Four More Web Sites We Love To Hate
- Cisco Honors Top Partners During 2010 Partner Summit
- HP Salutes Top Partners At APC 2010 Award Show
- Upclose And Personal With AMD And friends
- Will Oracle's Phillips' Affair Revelation Be A Distraction?
- Apple, Microsoft Unlikely Allies Against Google
- HP-Microsoft Cloud Partnership Needs To Show Us The Goods
- Blog: It's Time For A Cybercrime Public Service Announcement
- Nortel Sell-Off Continues: Ethernet Business To Ciena?
- Want To Deploy Exchange 2007 SP2 In A Server 2008 R2 Domain? Sorry
- Apple Improves iTunes 9 With Syncing, Visual Enhancements
- Oracle Ad Refutes Sun Hardware Fears
- U.S. Copyright Chief Rips Google Book Deal In Testimony
- Apple Slashes iPod Price Tags
- Price Is Right? Asus To Launch Low-Cost E-Reader
- Microsoft Xbox 360 Consoles Fail More Often Than Wii, PS3
- Privacy Group To Congress: Stop Online Advertisers In Their Tracks
- Microsoft, Intel Tout Their Collaboration On Windows 7
- Tech Data Adds Integration Services With New Center
| • |
| • |
| • |
| • |
| • |
| • |
| • |
|
|
