Four year olds used to steal their parents' data
Posted on 23 Feb 2012 at 10:03
Davey Winder reveals how malware writers are tricking young children into installing trojans
One of the problems that isn’t addressed by many people – be they parents, media or even IT security vendors – is the relatively new, and totally despicable, practice of using very young children as a conduit to steal the valuable personal data stored on their parents’ computers.
How young? Well, how about pre-school age? BitDefender Online Threats Lab, one of the security vendors doing research in this area of cybercrime, uncovered a whole bunch of Flash-based games, colourful and attractive to young kids, which came complete with a trojan that has been designed to appeal to those same youngsters.
The games concerned are mostly of the virtual pet variety, including those “swipe the screen with a huge paintbrush to complete a picture” type that are so popular with very young children and their parents alike. Not a problem you say, because the parents would be required to install the application, or at the very least supervise their child when they first visit the website.
That’s where the scum behind these scams are being so clever, because most of these game sites are genuine enough, but have been compromised in order to insert a nice big “click here for more games” or just a “click here” button that then takes the clicker to a different site, where another game pops up or downloads while at the same time a remote access trojan (RAT) capable of stealing financial data is installed. Pretty fiendish, and likely to fool a financially profitable number of parents into allowing their kids to use these games unsupervised, or failing to notice when the bad stuff is being installed.
But worse still, BitDefender even found one painting application where the very act of swiping the paintbrush over an online pet to change the colour of the virtual animal was enough to trigger redirection to an infected site. Remember that the unsuspecting parents are not being required to take any great leap of faith here, because all the games in question were being hosted on legitimate and very high-traffic sites.
Parents whose computers are protected by security software and whose young children are protected by parental supervision during online play sessions are at far less risk of being caught up in all this, but it still causes me concern that people would sink so low as to exploit a four-year-old child who is hardly likely to be worrying about the security consequences of clicking that big green button.
The moral of this tale? Don’t use your laptop as a babysitter, and don’t be one of the 24.7% of parents who, according to BitDefender’s research, don’t supervise their young kids’ online activity.
To be honest, if you're the kind of person who is stupid enough to let a 4 year old child use an internet connected PC unattended, I struggle to muster any sympathy.
By flyingbadger on 23 Feb 2012
Anyone can be caught out
Even teenagers - all they need is "click here and install this software to download free Justin Bieber wallpaper". It is not easy to teach people vigilance.
By qwerty on 23 Feb 2012
Please can you link to your source material if possible (I can't find the research on BitDefender's lab page)
By petehobo on 24 Feb 2012
Lots of warnings about 'click here' links
And at the bottom of the article?
A "Download lots of free goodies" link... Nice!
By greemble on 24 Feb 2012
Dastardly and stupid
@flyingbadger - I guess that you don't have children, but my 4.5yrs old likes playing angry birds in chrome or various counting, spelling etc. games on BBC website.
By radnor on 27 Feb 2012
A Security Question
I don't find it particularly surprising that malware writers would use children's programs as a way in. I don't even think it especially "dastardly" since it is not the children themselves who suffer. Even if they did, your average criminal hacking organisation is hardly likely to be worried about it.
I suspect that anyone who has had a four-year-old will not be that amazed that their online use is not constantly monitored - parents, especially those in full-time employment, do sometimes have to do something else around the house or with another child. Anything that keeps a four-year-old still and (apparently) innocently occupied is a blessing.
What I wondered was why the four year-old was allowed on a computer account with installation privileges. I'm still learning Windows 7 (just as everyone else is talking about Windows 8!), but isn't it possible to nail down the computer so that trojans can't be installed?
This is a real query - no one else has said it, so I'm wondering if my understanding is at fault here.
By Philippa on 28 Mar 2012
How does supervision help?
What does the supervising adult see that stops this happening? If a swipe is all that is necessary then why is a 40 year old gamer not equally at risk? If a dialog box appears asking if software is to be installed then surely the problem is not having an admin password, as Philippa suggests?
By davids4kes on 10 May 2012
@greemble on 24 Feb 2012
"Lots of warnings about 'click here' links
And at the bottom of the article?"
Not to mention the green "far less risk" text in the penultimate sentence where simply moving the mouse over the word "risk" brings up a pop-up advert, whether you want it or not. Seems even adults can be scammed!
By smartermind on 27 Feb 2014
Davey is a contributing editor to PC Pro, having covered the internet as a topic since the magazine started in 1994. Since that time he's won numerous awards for his journalism, but remains a small-business consultant specialising in privacy, security and usability issues.