Sony PlayStation website malware infection – revisited

Yesterday’s blog on “Sony PlayStation succumbs to SQL attack” raised some questions.

  • Is the site still infected?
  • What is scale of this attack?
  • Who else has been hacked?
  • Why mention Sony PlayStation?
  • How can I protect my site?

The good news it that when I visited the SingStar and God of War pages today, they are no longer infected with Mal/Badsrc-C.

The Sony PlayStation site was not specifically targeted in this attack. They just happen to have been one of many sites hit in the wide scale attacks. SophosLabs is tracking huge numbers of victim sites. Googling for other pages similarly affected emphasizes the scale of the problem, revealing more than a million victim pages across a variety of sites worldwide, including:

  • Brazilian and Chinese Government Sites
  • South African Flooring Company
  • A pond supply company in Canada
  • A liquor store in Massachusetts

We chose to blog about the Sony site based on considerations outlined in “What happens when we find an infected website?”.

Finally, you can take some simple steps to protect your website and your company image by following the steps in our blog article “Avoiding SQL injection attacks”.