bit-tech.net

Sony site offers up malware

Sony site offers up malware

The JavaScript code injected into Sony's website attempted to coerce users into downloading malware.

When you're browsing the seedier parts of the 'net, you know to be on your guard – but you can trust Sony, surely? Not according to Sophos.

The anti-virus vendor has highlighted several pages on Sony's PlayStation 3 website that are currently peddling fake anti-virus software thanks to an automated SQL injection attack that has compromised over 700 servers worldwide. According to Sophos, visitors to the pages are treated to a fake scan for malware before being cajoled into downloading 'free' software to 'fix' the problems that are found.

Graham Cluley, a senior technology consultant at Sophos, states that most of the “millions of video game lovers around the world” would “never expect that surfing to a website like this could potentially infect them with malware,” and suggests that without adequate protection – like, say, the software produced by his employer – users are likely to find that “before they know it they have been scared into handing their credit card details over to a bunch of cybercriminals.

While protection on the desktop – whether that takes the form of a virus scanner or an alternative operating system – is important for end users, it has to be remembered that it's lax security on the part of a multinational corporation that has exposed users to unexpected threats. Although the SQL injection flaw that allowed the code to be inserted into the pages has since been fixed, there was an embarrassing delay between Sophos contacting Sony – and then rather rapidly publishing its article – and the hole being patched.

While I'm sure we all take adequate precautions when surfing the seedy underbelly of this world wide web, I can't help but wonder how many people would be fooled by something that appears to come from a large corporation like Sony.

Did anyone here spot the strange pop-ups when looking for SingStar downloads, or do we all run our browsers in paranoid mode no matter what the site? Share your thoughts over in the forums.

14 Comments

Discuss in the forums Reply
Paradigm Shifter 3rd July 2008, 11:47 Quote
I automatically run my browser in paranoid mode. :P

What I find stunning is that people are foolish enough to fall for this sort of nonsense. If I want an antivirus, I'll go looking for one myself! - I won't use one that was advertised in a popup on a site that is completely unrelated to antivirus programs. Honestly, it wouldn't hurt the average web user to engage their brain before clicking 'Yes' to everything.
Gunsmith 3rd July 2008, 11:55 Quote
if you fall for that then you are a ****ing idiot and dont deserve to be on the net.

just like most of the general population.
Arkanrais 3rd July 2008, 12:03 Quote
I disagree with the above. I know a lot of people whose knowledge of the workings of the internet and computers in general is pretty low and would (and have many times) fallen for these antics.
besides that, yay for the NoScript plugin for firefox.
Paradigm Shifter 3rd July 2008, 12:19 Quote
Quote:
Originally Posted by Arkanrais
I disagree with the above. I know a lot of people whose knowledge of the workings of the internet and computers in general is pretty low and would (and have many times) fallen for these antics.
In this case, then, the saying "Fool me once, shame on you. Fool me twice, shame on me," applies. Someone who doesn't know better - ie: the first time... fair enough, I feel sorry for them. Second time onwards... is there a lesson there that should be learned? Hm?

It all comes down to common sense. You don't have to be computer literate to display common sense... it just seems to be something that is sadly lacking in most people nowadays.
DXR_13KE 3rd July 2008, 13:03 Quote
Quote:
Originally Posted by president Bush
"Fool me once, shame on you. Fool me twice, shame on ......shame on.... you"
Quote:
“millions of video game lovers around the world” would “never expect that surfing to a website like this could potentially infect them with malware,”
*sneeze*rootkits*sneeze*
bowman 3rd July 2008, 13:17 Quote
Sony sappin' mah PC.. They want me to buy a PS3 instead. :o
Amon 3rd July 2008, 13:25 Quote
Wow, the reality is that we really need an Internet browsing license or some certification of some kind, for our own sake.
Timmy_the_tortoise 3rd July 2008, 13:25 Quote
I'm actually very lax with my browser...

I should probably tighten up, but I really couldn't care much less.. I never get any problems.. probably because I rarely browse dodgy pages.
Lazlow 3rd July 2008, 13:55 Quote
How is the operating system related to this? I find switching operating system to be an extreme solution. They could easily do this to a Linux site, with scripts that pop-up asking you to download Linux specific stuff. Nothing here is Windows related.
Anakha 3rd July 2008, 16:00 Quote
It does have to be said, from the screenshot above, that window looks quite convincingly like a windows prompt. For n00b users who don't know any better, how could they really tell that's not an alert from Windows? Especially with Windows Defender on Vista popping up things like this from time to time.
TurtlePerson2 3rd July 2008, 16:06 Quote
The sad thing is that most people would fall for something like this. My mother once downloaded one of these things 15 times trying to install it. Fortunately she was on a Mac and the program was written for Windows.
Colt 45 J 3rd July 2008, 20:42 Quote
I have my own antivirus, firewall, and antispyware, I would never trust any stupid windows warning logo on it, windows protection is crap. If it was a popup, and not from my antivirus I would know its not real.. how stupid can you get?
Major 3rd July 2008, 22:12 Quote
Of course everyone on here is going to say "idiots who click it" because this is a ****ing tech site for crying out loud, everyone on here knows a lot more than the average PC user.
ParaHelix.org 4th July 2008, 11:44 Quote
If anyone is stupid enough to accept an "Online security scan" then they deserve all the s**t they get lol.
Log in

You are not logged in, please login with your forum account below. If you don't already have an account please register to start contributing.



Discuss in the forums