Sony is having a real bad time of it these last couple of days, with the news this morning that the latest PS3 firmware update has been pulled . Now, it's been confirmed by IT firm Sophos that its US Playstation site has been hacked by an SQL injection attack that is currently spreading across the Internet.

Sophos say that:

"Visiting the affected PlayStation site runs a script that pretends to do an online security scan of your computer, and presents a bogus warning message that your PC is infected with a variety of different pieces of malware. Users frightened by the scareware 'warnings' might rush to spend money on useless software."

Graham Cluley, senior technology consultant says that the malicious code currently just tries to scare visitors to Sony's PlayStation site with bogus malware warnings, but it could just as easily install a keylogging Trojan.

"Most would never expect that surfing to a website like this could potentially infect them with malware. If users do not have sufficient protection in place then they might find that before they know it they have been scared into handing their credit card details over to a bunch of cyber-criminals," said Curley.

The problem isn't exclusive to the Playstation site, many other sites have also suffered from the same attack.

"It is essential that all websites, especially when they are high profile like this or receiving a large level of traffic, have been properly hardened to prevent hackers from injecting malicious code on to what should be legitimate webpages," warned Sophos.

Source :: Yahoo news