The JavaScript code injected into Sony's website attempted to coerce users into downloading malware.

When you're browsing the seedier parts of the 'net, you know to be on your guard – but you can trust Sony, surely? Not according to Sophos.

The anti-virus vendor has highlighted several pages on Sony's PlayStation 3 website that are currently peddling fake anti-virus software thanks to an automated SQL injection attack that has compromised over 700 servers worldwide. According to Sophos, visitors to the pages are treated to a fake scan for malware before being cajoled into downloading 'free' software to 'fix' the problems that are found.

Graham Cluley, a senior technology consultant at Sophos, states that most of the “millions of video game lovers around the world” would “never expect that surfing to a website like this could potentially infect them with malware,” and suggests that without adequate protection – like, say, the software produced by his employer – users are likely to find that “before they know it they have been scared into handing their credit card details over to a bunch of cybercriminals.”

While protection on the desktop – whether that takes the form of a virus scanner or an alternative operating system – is important for end users, it has to be remembered that it's lax security on the part of a multinational corporation that has exposed users to unexpected threats. Although the SQL injection flaw that allowed the code to be inserted into the pages has since been fixed, there was an embarrassing delay between Sophos contacting Sony – and then rather rapidly publishing its article – and the hole being patched.

While I'm sure we all take adequate precautions when surfing the seedy underbelly of this world wide web, I can't help but wonder how many people would be fooled by something that appears to come from a large corporation like Sony.

Did anyone here spot the strange pop-ups when looking for SingStar downloads, or do we all run our browsers in paranoid mode no matter what the site? Share your thoughts over in the forums.
Quote Paradigm Shifter 3rd July 2008, 10:47
I automatically run my browser in paranoid mode. :P

What I find stunning is that people are foolish enough to fall for this sort of nonsense. If I want an antivirus, I'll go looking for one myself! - I won't use one that was advertised in a popup on a site that is completely unrelated to antivirus programs. Honestly, it wouldn't hurt the average web user to engage their brain before clicking 'Yes' to everything.
Quote Gunsmith 3rd July 2008, 10:55
if you fall for that then you are a ****ing idiot and don't deserve to be on the net.

just like most of the general population.
Quote Arkanrais 3rd July 2008, 11:03
I disagree with the above. I know a lot of people whose knowledge of the workings of the internet and computers in general is pretty low and would (and have many times) fallen for these antics.
Besides that, yay for the NoScript plugin for Firefox.
Quote Paradigm Shifter 3rd July 2008, 11:19
Quote:
Originally Posted by Arkanrais
I disagree with the above. I know a lot of people whose knowledge of the workings of the internet and computers in general is pretty low and would (and have many times) fallen for these antics.
In this case, then, the saying "Fool me once, shame on you. Fool me twice, shame on me," applies. Someone who doesn't know better - ie: the first time... fair enough, I feel sorry for them. Second time onwards... is there a lesson there that should be learned? Hm?

It all comes down to common sense. You don't have to be computer literate to display common sense... it just seems to be something that is sadly lacking in most people nowadays.
Quote DXR_13KE 3rd July 2008, 12:03
Quote:
Originally Posted by president Bush
"Fool me once, shame on you. Fool me twice, shame on ......shame on.... you"
Quote:
“millions of video game lovers around the world” would “never expect that surfing to a website like this could potentially infect them with malware,”
*sneeze*rootkits*sneeze*
Quote bowman 3rd July 2008, 12:17
Sony sappin' mah PC.. They want me to buy a PS3 instead. :o
Quote Amon 3rd July 2008, 12:25
Wow, the reality is that we really need an Internet browsing license or some certification of some kind, for our own sake.
Quote Timmy_the_tortoise 3rd July 2008, 12:25
I'm actually very lax with my browser...

I should probably tighten up, but I really couldn't care much less.. I never get any problems.. probably because I rarely browse dodgy pages.
Quote Lazlow 3rd July 2008, 12:55
How is the operating system related to this? I find switching operating system to be an extreme solution. They could easily do this to a Linux site, with scripts that pop-up asking you to download Linux specific stuff. Nothing here is Windows related.
Quote Anakha 3rd July 2008, 15:00
It does have to be said, from the screenshot above, that window looks quite convincingly like a Windows prompt. For n00b users who don't know any better, how could they really tell that's not an alert from Windows? Especially with Windows Defender on Vista popping up things like this from time to time.
Quote TurtlePerson2 3rd July 2008, 15:06
The sad thing is that most people would fall for something like this. My mother once downloaded one of these things 15 times trying to install it. Fortunately she was on a Mac and the program was written for Windows.
Quote Colt 45 J 3rd July 2008, 19:42
I have my own antivirus, firewall, and antispyware, I would never trust any stupid Windows warning logo on it, Windows protection is crap. If it was a popup, and not from my antivirus I would know it's not real.. how stupid can you get?
Quote Major 3rd July 2008, 21:12
Of course everyone on here is going to say "idiots who click it" because this is a ****ing tech site for crying out loud, everyone on here knows a lot more than the average PC user.
Quote ParaHelix.org 4th July 2008, 10:44
If anyone is stupid enough to accept an "Online security scan" then they deserve all the s**t they get lol.