Sony PlayStation Site Victim Of Malicious Hack
Researchers at Sophos Labs, who first detected the attack, said in a blog posting that the purpose of the attack appeared to be an attempt to lure users into installing fake anti-virus software.
Once a user logged onto the affected PlayStation site, a malicious script was automatically released, which pretended to do an online security scan of the user's computer. Users then saw a bogus message, warning them that their PC was infected with numerous pieces of malware, and ocmpelling them to spend money on the useless software.
"The fact that the Sony PlayStation site has been attacked in this way suggests that someone with malicious intent could place other harmful malware there -- a worrying thought when you consider the number of consumers interested in video gaming," the blog post said.
The attack is similar to a spate of SQL attacks that researchers have seen in recent weeks. Earlier this week, hackers launched an attack on numerous domains that attempted to load a fake antivirus install site and then pretended to conduct an online scan followed by a bogus warning message alerting users to the possibility of various malware on their systems.
Users were then encouraged to download and run the executable installer.exe, which researchers detected as Mal/Packer. However, instead of a virus scanner, the user was actually downloading malicious files, all of which occupied the domains of Troj/Iframe-AG.
Sophos researchers noted that the attack was addressed and the site was clean as of July 3. Sony did not immediately respond to requests for communication from CRN.
The hack follows shortly after the release of Sony's much anticipated 2.40 firmware update for its PS3 on July 2, which was recalled just hours later after the company received numerous complaints that the updated system locked gamers' consoles.
Researchers say that cyber attackers often use high profile media events or well-trafficked sites as a vehicle to distribute malware to thousands or even millions of individuals for financial gain.
However, Sophos security experts maintain that the Sony PlayStation site was not specifically targeted, but just happened to be one of the many sites hit in the massive SQL injection attack.
Others similarly affected by the same attack include Web pages from a South African flooring comany, a Canadian pond supply comany, a liquor store in Massachusetts, and Brazilian and Chinese Government sites.