Sony has suspended its PlayStation 2.40 firmware upgrade following reports it has fouled up some users' systems — Sony has also removed hacked pages on its Playstation web site.

The 2.40 firmware update for the PlayStation 3, which adds several in-game access to the XMB (Cross Media Bar) home screen, custom soundtracks, a new trophy system, and a shortcut to Google searches, also has apparently caused some systems to malfunction.

While two PS3s at ZDNet.com.au's sister sites CNET News and one at Gamespot.com.au were able to install the update with no adverse effects, it appears that some users were less fortunate.

The flawed firmware upgrade is not the only danger facing Sony PlayStation users interacting with the site. Early Wednesday, antivirus vendor Sophos reported that some visitors to the Sony PlayStation site may have been prompted to download an antivirus scanner.

Pages promoting the PlayStation games SingStar Pop and God of War contained SQL-injected code. Visitors to those specific game pages would see a fake antivirus scan, then a message that their computer was infected with different viruses and Trojan horses. Warned, the user would then be asked to purchase the scanner to remove the bogus malware.

The injected code linking to the scanner has since been removed.

Sophos said the attack could have downloaded malicious payloads, but did not.

Security researcher Dancho Danchev said in his ZDNet blog that Sony wasn't alone. It was one of 794 domains hit in the latest automated SQL-injection campaign using a multilayer fast-flux superstructure built around coldwop.com. Over the last 90 days, Google reports that 794 domains have been infected with code pointing to that domain. These are legitimate sites with vulnerabilities that allow criminal hackers to inject code pointing to their servers.

With fast-flux, a registered domain name stays the same while its node changes frequently, presumably thwarting any attempts to shut down the server hosting malicious content.

Danchev concludes: "If you don't take care of your Web application vulnerabilities, someone else will."

Leave a comment

You must read and type the 6 chars within 0..9 and A..F

* indicates mandatory fields.

Log in


Sign up | Forgot your password?

Blogs

RSS feed

  • Staff XP stays on life support for longer

    This week's Roundup looks at Microsoft's decision to extend the life of Windows XP, the release of Microsoft Surface SDK, Firefox's new Geode plug-in, Yahoo's new tool -- Smush It and more. Read more »

    -- posted by Staff

  • Chris Duckett The good and truly awful celluloid depictions of computers

    Ever wonder why your lawyer uncle leaves the room whenever you turn over to Boston Legal? Or why your forensic science cousin can't stand crime drama? You know the answer: it’s the horrid trivialisation and dumbing down of an occupation to make it appear entertaining. Sometimes it is so unbelievable that it actually hurts and yelling at the screen is the only outlet. Read more »

    -- posted by Chris Duckett

  • Brendon Chase Apple's iPhone engineers to tour Sydney, Melbourne

    Aussie developers will be able to get up close and personal with some of the iPhone engineers in November to learn how to build applications for the platform. Read more »

    -- posted by Brendon Chase

What's on?