When you're browsing the seedier parts of the 'net, you know to be on your guard – but you can trust Sony, surely? Not according to Sophos.
The anti-virus vendor has highlighted several pages on Sony's PlayStation 3 website that are currently peddling fake anti-virus software thanks to an automated SQL injection attack that has compromised over 700 servers worldwide. According to Sophos
, visitors to the pages are treated to a fake scan for malware before being cajoled into downloading 'free' software to 'fix' the problems that are found.
Graham Cluley, a senior technology consultant at Sophos, states that most of the “millions of video game lovers around the world
” would “never expect that surfing to a website like this could potentially infect them with malware,
” and suggests that without adequate protection – like, say, the software produced by his employer – users are likely to find that “before they know it they have been scared into handing their credit card details over to a bunch of cybercriminals.
While protection on the desktop – whether that takes the form of a virus scanner
or an alternative operating system
– is important for end users, it has to be remembered that it's lax security on the part of a multinational corporation that has exposed users to unexpected threats. Although the SQL injection flaw that allowed the code to be inserted into the pages has since been fixed, there was an embarrassing delay between Sophos contacting Sony – and then rather rapidly publishing its article
– and the hole being patched.
While I'm sure we all take adequate precautions when surfing the seedy underbelly of this world wide web, I can't help but wonder how many people would be fooled by something that appears to come from a large corporation like Sony.
Did anyone here spot the strange pop-ups when looking for SingStar downloads, or do we all run our browsers in paranoid mode no matter what the site? Share your thoughts over in the forums