CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
July 2nd, 2008

Sony USA PlayStation Website SQL Injected And Redirects Visitors To Fake Anti-Virus Scam

Sony’s USA PlayStation website, a website with a very large number of daily visitors according to Alexa, had been the victim of an SQL injection attack. Sony PlayStation’s site is another high trafficked web site that fall victim into the continuing waves of massive botnets (ASProx botnet for example) SQL injections.

The purpose of this wave of attacks seems to be to dupe users into installing the same fake anti-virus software SophosLabs discovered on .MOBI websites earlier this week. Numerous malicious websites making use of the unusual .MOBI top level domain attempted to load a script ‘AD.JS’ located in root of each site. This in turn attempted to load another website – a fake anti-virus install site. The site pretends to do an online virus scan:

A bogus warning message then displayed, saying that one or more of the following have been detected:

Trojan.Bakloma.A
Win32.Gattman.A
Trojan.Zapchas.F
JS.Blackworm.A
Trojan.Tibs.E
Win32.Netsky.P@mm
Trojan.Winsys
Trackware.Adctech2006
Downloader.TrafficSector
Adware.Roings

If you have seen/installed this software on your PC, consider running a trusted anti-virus as soon as possible, since your machine is infected.

After this, the user is encouraged to download and run an executable (installer.exe). This malware is detected as Mal/Packer by Sophos. If the installer was run, it installs more malicious files (Troj/FakeAV-AA) on the victim machine.

Visiting the affected PlayStation site runs a script that pretends to perform the same online security scan of your computer, and presents a bogus warning message you can see on the image above. Users frightened by the fake ‘warnings’ might rush to spend money on useless software.

The fact that the Sony PlayStation site has been attacked in this way suggests that someone with malicious intent could place other harmful malware there and infect a very high number of Sony PlayStation website visitors.

Sony PlayStation’s site hasnt been targeted by hackers, it’s been targeted automatically in between the rest of thousands of other pages that were SQL injected with a malicious coldwop.com domain (yet another SQL injection attack by Chinese hackers). There are no reports of hacked Sony PlayStation’s database or customers private details, the flaw in Sony’s website only allowed injection of redirection code that loads a script from malicious site.

Email, Bookmark or Share:
  • E-mail this story to a friend!
  • Digg
  • del.icio.us
  • StumbleUpon
  • Reddit
  • Technorati
  • Slashdot
  • Propeller
  • Google
  • Live
  • YahooMyWeb
  • TwitThis
  • Facebook
  • LinkedIn

More on CyberInsecure:
  • Gamers Accounts Hacked In Sony Playstation Store
  • Sony PlayStation Network Breached, 77 Million Users Private Data Stolen
  • Fort William Mountain Bike World Cup 2009 Site Hijacked, Redirects Visitors To Rogue Anti-Virus Page
  • Sony Attacked Again, 1 Million Users Compromised At SonyPictures.com
  • PlayStation Network Investigates Intrusion, Down For Over 3 Days

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Sony USA PlayStation Website SQL Injected And Redirects Visitors To Fake Anti-Virus Scam

    One Response to “Sony USA PlayStation Website SQL Injected And Redirects Visitors To Fake Anti-Virus Scam”

    1. Greg Martin Says:
      July 2nd, 2008 at 2:13 pm

      If you are infected by these SQL Injection attacks, please address this immediately as your website could be infecting people with this garbage too…


    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    *
    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.