Johannesburg, 04 Jul 2008
The US-based Sony PlayStation Web site has been compromised by hackers, says Brett Myroff, CEO of regional Sophos distributor, Sophos South Africa.
"Experts at SophosLabs have discovered that cyber-criminals have successfully used an SQL injection attack to plant unauthorised code on pages promoting the PlayStation games 'SingStar Pop` and 'God of War`," he says.
The hacker`s code attempts to dupe Web surfers by running a fake anti-virus scan and displays a bogus message that their computer is infected with a variety of different viruses and Trojan horses, Myroff explains.
"After pretending to scan your computer for malware, a bogus security warning is displayed." The hackers` aim is to scare unsuspecting computer users into purchasing a bogus security product, says Myroff.
Millions of video game lovers around the world visit Sony`s PlayStation Web site regularly to find out more about the latest console games, he says. "Most would never expect that surfing a Web site like this could potentially infect them with malware.
"If users do not have sufficient protection in place then they might find that before they know it, they have been scared into handing their credit card details over to cyber-criminals," Myroff says.
"It is essential that all Web sites, especially when they are high profile like this, or receiving a large level of traffic, have been properly hardened to prevent hackers from injecting malicious code on to what should be legitimate Web pages."
More threats
This week also saw a number of low-to-medium prevalence threats, including the Troj/Agent-HEH, Troj/Zbot-Z and Troj/Dloadr-BNN Trojans, says Myroff.
Another Trojan for the Windows platform is the Troj/Bckdr-QOD.
"Troj/DNSChan-B, also affecting Windows users, installs itself in the registry. It includes functionality to modify the DNS setting, access the Internet and communicate with a remote server via HTTP, and contains rootkit functionality," warns Myroff.
Share