A security firm has claimed that hackers have "compromised" pages on the US Sony PlayStation website.
Sophos said that hackers used an SQL injection vulnerability to add unauthorised code to pages promoting PlayStation games SingStar Pop and God of War.
The malware comes up claiming to perform an antivirus scan and displays a fake message stating that the visitor's computer is infected.
The visitor is then advised to buy a bogus security product to clean up the problem.
Sophos warned that it would be "trivial" for the hackers who have compromised the web pages to make the malware even more malicious, installing code that harvests confidential information from users or turns PCs into botnet zombies.
"There are millions of video game lovers around the world, many of whom will visit Sony's PlayStation website regularly to find out more about the latest console games," said Graham Cluley, senior technology consultant at Sophos.
"Most would never expect that surfing a website like this could potentially infect them with malware.
"It is essential that all websites, especially high profile ones like this, have been properly hardened to prevent hackers from injecting malicious code into legitimate web pages."
The picture accompanying this article is of the pop-up that users are experiencing. Visit the Sophos webpage for more details.