Fake security scans followed by warnings that the user's computer is infected were popping up on several pages, with the aim of scaring surfers into buying the bogus cleanup software they were then redirected to.
"If users do not have sufficient protection in place they might find that before they know it they have been scared into handing over their credit card details to a bunch of cybercriminals," said Graham Cluley, senior technology consultant at Sophos.
The SQL-injected code has since been removed from the PlayStation site. However, it's one of nearly 800 domains infected automatically in a the latest wave of a massive originating in China.
The PS3 firmware update is currently unavailable from the site, due to unrelated technical issues.