Scammers and hackers are attacking children too young to read with a series of online games that trick kids into installing malicious software onto computers.
Games that invite kids to nurture online kittens, allow them to brightly color pumpkins and witches, or “spot the differences” between two similar images, are being laced with malware that could give scammers access to the kids’ parents financial data or recruit the kids’ computers into international networks, or botnets, aimed at further criminal activity.
“Some scams might raise suspicions of adults – particularly when they seek to install software on the computer or redirect computer users to suspicious web sites,” said Catalin Cosoi, head of online threats lab at Bitdefender. “So the scammers are going for easier targets. Kids are more easily tempted into click on that big green download button or flashing icon in hopes of having more fun. A four-year-old, obviously, isn’t worried about online banking vulnerabilities.”
Bitdefender analysts in the past week have discovered more than half a dozen different samples of eye-catching Flash games rigged with Trojans that could steer kids to web pages that install malicious software potentially capable of stealing financial information, recruiting the computers into a botnet or injecting spyware onto the machines.
Fig. 1 – Some Flash Games rigged with malware
A Bitdefender online survey concluded in July shows that about 46.6 percent of children in the U.S. and the U.K. have their own social network accounts and that 24.7 percent of parents don’t monitor their kids’ online activity. Of the 1,649 adults surveyed, 44.3 percent said their children had accessed sites that they shouldn’t have.
Particularly popular with children are games where they need to spot the differences, catch or destroy falling objects, search for two identical objects and make them disappear, to name a few. And these games are offered on most child-oriented sites.
Children, no matter how skilled they are, lack the sense of on-line danger. They know how to play a game, but they can’t discern between a game button and a malicious application designed to steal their parents’ bank account details or redirect the browser towards malware.
And if we take into consideration that millions of online games are distributed worldwide, then we might find ourselves in front of a major online problem.
Games are not the only online threats for children. Sites with educational and entertaining materials for children have been used to lure for young computer users.
Children are not aware of the threats lurking on the Internet and therefore don’t know how to avoid hazardous situations. That is why they have frequently been used as an instrument to infect parents’ computers. Here are some of the incidents targeting computers that have been recorded by Bitdefender:
· In 2010, a site where children “adopt” and grow virtual pets was exploited by cyber-criminals, who routed children to a spoofed website. Instead of a “Magic brush” application that would allow the little ones to change the color of their pets, they were offered malware.
· In early March 2011, an Italian “online kids land” was hacked and rigged with malware. All visitors were exposed to malicious applications.
· A recent study by Bitdefender revealed that users, including children, looking for Angry Birds souvenirs were exposed to malware via a compromised online website.
In all cases, the malicious code was planted following a successful hacking attack on legitimate, high-traffic websites.
Fig.2. Compromised websites
If you have a child that frequently uses the home computer, you should consider the following steps:
– Never let them use the computer while logged in as an administrator. This will allow kids to unknowingly install malicious applications. Instead, create a limited account with the child’s name. This will not only give them a sense of possession of the computer, but will also prevent them from installing applications, modifying critical system settings or deleting system files that might damage the operating system.
– Use an antivirus: some pieces of malware have been designed to run even on limited accounts. In this case, a good antivirus may be the last line of defense and may save you a lot of frustration.
– Use parental control: not all hacks performed against children’s sites lead to malware. Sometimes, cyber-crooks redirect little kids to pornography or violent content. Make sure you protect the development of your kids by restricting what kind of information can or can’t access while using the family computer.
All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.