Sony PlayStation site succumbs to SQL attack

IT セキュリティ

SonyPlaystationサイトがSQLインジェクション攻撃を受けて改ざんされていて、偽のアンチウイルスソフトを入れさせるそうです。

Over the last few months we have mentioned the current wave of SQL injection attacks plaguing the web (1, 2, 3 and 4). Yesterday, we spotted that Sony’s USA PlayStation website - a high profile website with a large number of daily visitors (ref: Alexa) - had been the victim of an SQL injection attack.
The purpose of this wave of attacks seems to be to dupe users into installing the same fake anti-virus software we discovered on .MOBI websites earlier this week.

Sony PlayStation site succumbs to SQL attack – Naked Security

Visiting the affected PlayStation site runs a script that pretends to do an online security scan of your computer, and presents a bogus warning message that your PC is infected with a variety of different pieces of malware. Users frightened by the scareware ‘warnings’ might rush to spend money on useless software.

Sony PlayStation site succumbs to SQL attack – Naked Security

関連URL

screenshot