informa
Commentary

Player Beware: PS3 Site Hacks Can Game Your Systems

Whether or not you're a gamer, the detection of malware infestation on the Sony USA PlayStation Web site should give you pause. Compromises of popular commercial sites -- the sorts that employees and family members might visit, even if you don't -- are precisely the sort of thing that can have anything but a playful effect on your business.
Whether or not you're a gamer, the detection of malware infestation on the Sony USA PlayStation Web site should give you pause. Compromises of popular commercial sites -- the sorts that employees and family members might visit, even if you don't -- are precisely the sort of thing that can have anything but a playful effect on your business.Security firm Sophos identified the PS3 site infection as one that launches a fake anti-virus scan on the visitor's PC and then tries to get users to buy fake anti-virusware.

It's yet another SQL-injection attack, one of so many "yet anothers" that Microsoft issued this advisory about them.

What caught my attention about this one in particular -- they're all bad -- was, of course, the PlayStation connection.

But that, as they say, is just detail, where the devils live. It could be any large, extremely popular and essentially "acceptable" (i.e., not porn) consumer site that employees may feel free to visit on their own time on your equipment.

And it probably will be -- Sophos has estimated that a malware infection strikes a new Web page every five seconds: 12 a minute, 720 an hour, 24/7.

With an Olympics, a World Series and a presidential election looming you can imagine the sorts of big, extremely popular, consumer-acceptable sites that may well be targeted by the bad guys.

Even as small and midsize businesses wrestle with questions of how much or how little to let employees surf (or not) via company connections or on company remote and mobile equipment, and attempt to draw well-defined lines about appropriate and inappropriate content (porn, etc.) it's becoming clear that some "how to surf safe sites" policies must be put in place as well.

One good step -- shift your employees browsers to Firefox 3, which offers protection against these attacks.

Otherwise...

While it's unlikely -- and probably impossible -- to persuade your staff to steer completely clear of Web 2.0 enhancements, bells and whistles and video (and, alas, "online virus scans" and their ilk), it's also more than worth your while to issue regular reminders and warnings about the devils that may be lurking on otherwise acceptable sites.

Because, as the PS3 site-hack shows, the devils are already there and are spreading -- at the rate of one every seconds.

Recommended Reading: