Four year olds used to steal their parents' data

23 Feb 2012
Child

Davey Winder reveals how malware writers are tricking young children into installing trojans

One of the problems that isn’t addressed by many people – be they parents, media or even IT security vendors – is the relatively new, and totally despicable, practice of using very young children as a conduit to steal the valuable personal data stored on their parents’ computers.

How young? Well, how about pre-school age? BitDefender Online Threats Lab, one of the security vendors doing research in this area of cybercrime, uncovered a whole bunch of Flash-based games, colourful and attractive to young kids, which came complete with a trojan that has been designed to appeal to those same youngsters.

BitDefender even found one painting application where the very act of swiping the paintbrush over an online pet to change the colour of the virtual animal was enough to trigger redirection to an infected site

The games concerned are mostly of the virtual pet variety, including those “swipe the screen with a huge paintbrush to complete a picture” type that are so popular with very young children and their parents alike. Not a problem you say, because the parents would be required to install the application, or at the very least supervise their child when they first visit the website.

That’s where the scum behind these scams are being so clever, because most of these game sites are genuine enough, but have been compromised in order to insert a nice big “click here for more games” or just a “click here” button that then takes the clicker to a different site, where another game pops up or downloads while at the same time a remote access trojan (RAT) capable of stealing financial data is installed. Pretty fiendish, and likely to fool a financially profitable number of parents into allowing their kids to use these games unsupervised, or fail to notice when the bad stuff was being installed.

But worse still, BitDefender even found one painting application where the very act of swiping the paintbrush over an online pet to change the colour of the virtual animal was enough to trigger redirection to an infected site. Remember that the unsuspecting parents are not being required to take any great leap of faith here, because all the games in question were being hosted on legitimate and very high-traffic sites.

Parents whose computers are protected by security software and whose young children are protected by parental supervision during online play sessions are at far less risk of being caught up in all this, but it still causes me concern that people would sink so low as to exploit a four-year-old child who is hardly likely to be worrying about the security consequences of clicking that big green button.

The moral of this tale? Don’t use your laptop as a babysitter, and don’t be one of the 24.7% of parents who, according to BitDefender’s research, don’t supervise their young kids’ online activity.