Identify: For those using ASP code on their Web sites, another Microsoft tool can analyze the code and report the areas that are vulnerable to SQL injection. The tool also comes with documentation that tells users how to fix the different problems found in the analyzed code. Download the Microsoft Source Code Analyzer for SQL Injection at Microsoft Knowledge Base Article 954476.
Fixing the actual root of the problem is important, Cluley says. A Web site that simply removes the injected code but doesn't patch up the exploit will find the code is re-inserted in short order by automated botnets.
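To illustrate what this kind of source analysis looks for, and what fixing the root cause changes, here is an added example that is not part of the original article and is not Microsoft's tool. It is a simplified taint check over a constructed classic ASP snippet; the names `scan`, `is_tainted` and `SAMPLE_ASP` and the regex heuristics are assumptions made for the illustration.

```python
import re

# Constructed sample of classic ASP (VBScript); not taken from any real site.
SAMPLE_ASP = '''<%
Dim id, name, sql, safe
id = Request.QueryString("id")
name = Request.Form("name")
sql = "SELECT * FROM products WHERE id = " & id
Set rs = conn.Execute(sql)
safe = "SELECT * FROM products WHERE name = ?"
cmd.CommandText = safe
cmd.Parameters.Append cmd.CreateParameter("name", 200, 1, 50, name)
Set rs2 = cmd.Execute
%>'''

# Untrusted input sources: Request(...), Request.QueryString/Form/Cookies(...)
SOURCE = re.compile(r'Request(\.(QueryString|Form|Cookies))?\s*\(', re.I)
# Simple "var = expr" assignments (optionally prefixed with Set)
ASSIGN = re.compile(r'^\s*(?:Set\s+)?([A-Za-z_]\w*)\s*=\s*(.+)$', re.I)
# Query sinks that receive SQL text as an argument
SINK = re.compile(r'\.(?:Execute|Open)\s*\(?\s*(.+?)\)?\s*$', re.I)

def is_tainted(expr, tainted):
    """True if expr reads request data directly or via a tainted variable."""
    code = re.sub(r'"[^"]*"', '""', expr)  # ignore string literal contents
    if SOURCE.search(code):
        return True
    names = re.findall(r'[A-Za-z_]\w*', code)
    return any(n.lower() in tainted for n in names)  # VBScript is case-insensitive

def scan(asp_source):
    """Return (line number, line) for each sink fed by request-derived SQL text."""
    tainted, findings = set(), []
    for lineno, line in enumerate(asp_source.splitlines(), 1):
        sink = SINK.search(line)
        if sink and is_tainted(sink.group(1), tainted):
            findings.append((lineno, line.strip()))
        m = ASSIGN.match(line)
        if m:
            var, rhs = m.group(1).lower(), m.group(2)
            if is_tainted(rhs, tainted):
                tainted.add(var)
            else:
                tainted.discard(var)  # reassigned from a clean value
    return findings

if __name__ == "__main__":
    for lineno, text in scan(SAMPLE_ASP):
        print(f"line {lineno}: request data reaches SQL sink: {text}")
```

Only the concatenated query is reported; the parameterized command, which binds the same user input as a parameter instead of splicing it into the SQL text, is not.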
It's not clear what steps Sony has taken with its Web site at this time. "We haven't heard directly back from their Web team," the Sophos consultant says.
ITBusiness.ca attempted to contact Sony, but did not receive a response.