Slashdot Mirror

← Back to Stories (view on slashdot.org)

Children Used To Steal Parents' Data

Posted by samzenpus on from the virtual-fagin dept.

Barence writes "PC Pro's Davey Winder has revealed how pre-school children are being targeted by data thieves. Security vendors have uncovered a bunch of Flash-based games, colorful and attractive to young kids, which came complete with a remote access trojan. The trojan is usually installed behind a button to download more free games, but BitDefender even found one painting application where the very act of swiping the paintbrush over an online pet to change the color of the virtual animal was enough to trigger redirection to an infected site."

31 of 126 comments (clear)

  1. And parents wonder by houstonbofh · · Score: 4, Insightful

    And parents wonder why they can't let the kids use the work laptop. It's because we're Ogres! Ogres, Damnit!

    1. Re:And parents wonder by Aerorae · · Score: 2

      uh...keylogger software? You have to decrypt your documents to use them after all...

    2. Re:And parents wonder by Gerzel · · Score: 4, Insightful

      Depends on when the keylogger starts vs the login.

      If the two accounts are properly separated then the children's account should never have the access to install anything that could be run before the user login. Of course with Windows all bets are off.

    3. Re:And parents wonder by Endovior · · Score: 4, Insightful

      Virtual Machines. They're a beautiful thing. Trojans, viruses, keyloggers... who cares? Just revert your system back to the last snapshot, and it's like it never happened... and even the worst of what does happen, won't ever affect your important materials.

    4. Re:And parents wonder by shadowmas · · Score: 4, Interesting

      Generally yes. But remember that anything running on the VM is behind your routers firewall and might be in a more permissive network. So it can be used as a platform to execute a exploit to gain access to other machines on the network, the host machine or maybe even compromise the router/firewall (defualt passwords anyone?).

      I use VMs when I test applications if I'm not sure about its origin, but you should always be carefull about how it's network access and such.

  2. Well. by Anonymous Coward · · Score: 2, Funny

    At least SOMEBODY is thinking of the children.

    Too bad it's all priests and data thieves....

  3. What do you mean used to? by Jafafa+Hots · · Score: 4, Funny

    They still do!

    uh. um.

    nvrmnd

    --
    This space available.
  4. That's a relief. by TonTonKill · · Score: 3, Funny

    They used to steal it; I'm glad they stopped. I hope they learned their lesson.

  5. Using children to scam parents? Legal, apparently by Anonymous Coward · · Score: 2

    One word: Smurfberries.

  6. THINK OF THE CHILRENS by cosm · · Score: 3, Funny

    This calls for action. The internet must be cleaned up. All PC's must be outfitted with a Breathalyzer to ensure nobody is intoxicated while driving the mouse. Also, social security cards should be required for every transaction. Congress must solve this complex problem by instituting a 'no toddler left alone' policy by putting friendly DHS staff at the desk of every workstation in every house in the nation. Think of the jobs created! And the children saved! RealID Internet ID Security+ Cards (TM) will now be mandatory for all plebeians. Network monitoring will be installed on every home workstation per mandatory Child-Safe-Cloud-Initiative protocols. The Congress will pass laws dictating internet rationing, and you will be given 1/30 internets everyday. If you go over your internets, you will be taxed over 9000 E-Points, which will be filed on your 1040IEEE-Z form. Fingerprint-Retinal-Anal probes will be given to ensure the AAA during each online transaction. I, senator [INSERT NAME HERE] propose this bill to save the chilrens and this great nation that is under continual attack by anonymous super hackers.

    Or just watch the sites your kids go to until the come of proper age. And if at proper age they still are clicking on aforementioned items, well, not everybody can be speshul buttercup, eh mates?

    --
    'We are trying to prove ourselves wrong as quickly as possible, because only in that way can we find progress.' RPF
  7. True that by parallel_prankster · · Score: 4, Interesting

    My nephews and niece did this when they used to visit my parents place. Within days of their visit my dad, who is not much of a computer person, will call me asking why windows has stopped working. I got a lot of software installed on their computer to monitor these things, yet somehow the kids always managed to install some crap. One good thing that happened was when they turned their attention to Ipads. It has apps on it that are kid friendly but haven't seen Viruses Trojans etc in Ipad apps yet.

    1. Re:True that by Dwedit · · Score: 4, Insightful

      No, with iPads, instead you have to worry about games where you pay for in-game goods with real money tied to the iTunes account.

    2. Re:True that by lindseyp · · Score: 2

      downloading 'cookie maker' or whatever game the 6yo is asking for also requires the password, and once daddy's entered it, it's valid for 15 minutes of all-you-can-eat smurfberries

      --
      j'ai découvert une démonstration vraiment admirable (de ce théorème général) que cette si
    3. Re:True that by Pausanias · · Score: 3, Interesting

      You can disable in-app payments globally on iDevices, and *that* requires a separate passcode to undo compared to the regular app installation password.

      Also, in my experience Apple are pretty good about refunding you money if things like this happen. Once I bought an expensive app for my parents and they charged it to my credit card rather than my gift card balance. I wrote them about it and they credited me back $50 and said they wouldn't charge me on my gift card either---freebee, just like that.

    4. Re:True that by mosschops · · Score: 5, Informative

      Settings -> General -> Restrictions -> Require Password -> Immediately

      No more 15 minute password caching :)

    5. Re:True that by tlhIngan · · Score: 2

      downloading 'cookie maker' or whatever game the 6yo is asking for also requires the password, and once daddy's entered it, it's valid for 15 minutes of all-you-can-eat smurfberries

      Not since 4.x, which all iPads are compatible with. Since 4.x, there's been a separation between the timer used for purchases done at the App Store and in-app purchases. Just because you downloaded an app and entered the password there, doesn't mean the in-app purchase can use the cached credential - you have to re-enter your password again to use in-app purchases (they're on separate timers).

      And hey, you can also enable it to always require a password on anything (ignoring the timer). It's hidden under a setting for authority figures . What was it, Children Restrictions? Authority Control Panel? Parental controls?

  8. Kids user accounts by smitty97 · · Score: 2

    How many two year olds know what a "login" is? Mine does. And my four year old has had one since she was little too. I dont let them use my account. They know how to switch to theirs and even (rightly, I guess) get mad when anyone doesn't use their own login. On the Mac, there's a pretty good whitelist of websites and you need admin privs to allow new applications to run.

    --
    mod me funny
  9. Flash-based games by PatPending · · Score: 3, Insightful
    Emphasis added:

    BitDefender Online Threats Lab, one of the security vendors doing research in this area of cybercrime, uncovered a whole bunch of Flash-based games, colourful and attractive to young kids, which came complete with a trojan that has been designed to appeal to those same youngsters.

    The article ends with this:

    The moral of this tale? Don't use your laptop as a babysitter, and don't be one of the 24.7% of parents who, according to BitDefender's research, don't supervise their young kids' online activity.

    How about not using Flash? (At least not on the kid's account!)

    BTW: Did you notice how BitDefender got mentioned a total of four times in seven paragraphs and one pull-quote?

    --
    What one fool can do, another can. (Ancient Simian Proverb)
    1. Re:Flash-based games by Samantha+Wright · · Score: 2

      I'm sorry, I (BitDefender) can't (BitDefender) hear you over the sound of how (BitDefender) awesome BitDefender is. (BitDefender)

      --
      Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!
    2. Re:Flash-based games by gaspyy · · Score: 2

      The issue is not Flash games but tricking the users to download a trojan. I could have happen with HTML5 games as well or anything else.

      The solution: have a separate non-admin account for kids.

  10. Re:Pre-School? by parallel_prankster · · Score: 4, Informative

    It is cold here in the winter time so kids cannot go out much. There are only that many other things around the house that you can get them engaged in. Besides, the computer has some cool paint software that kids can play with. There is also one app on the Ipad (among the many) that teaches how to play piano. As long as you don't let them spend too much time on the computer and you can properly monitor their usage, it is fine for kids to be on the computer to get familiar with it.

  11. Wow, really? by GNUALMAFUERTE · · Score: 4, Funny

    "But worse still, BitDefender even found one painting application where the very act of swiping the paintbrush over an online pet to change the colour of the virtual animal was enough to trigger redirection to an infected site"

    No way! You mean a scripting language reacted to user input such as onMouseOver and executed a forbidden instruction such as redirecting the site, by exploiting a vulnerability in document.location.href? This is clearly ADVERTISEMENT for BitDefender who is mentioned throughout the article as a "researcher" while showing no actual "research".

    They are not actually talking about the attack vector, because they haven't found anything. They are essentially saying that a href is a vulnerability because it might lead to an "infected" (whatever that means) site.

    --
    WTF am I doing replying to an AC at 5 A.M on a Friday night?
  12. Re:Pre-School? by Adriax · · Score: 3, Informative

    My 4 year old daughter can navigate around youtube pretty easily, finding all the kitten and my little pony videos she could want. She's also smart enough to know which videos are bad and to stay away from them. Same goes for netflix.
    My 4 year old nephew can play solitaire with only a little help from grandpa. He also knows his way around several kids sites like pbs kids.

    It surprised me when my little one first used my computer, I have a trackball and it didn't faze her one bit.

    --
    I don't suffer from insanity, I enjoy every minute of it!
  13. Re:How about... by cloudmaster · · Score: 3, Insightful

    To be fair, these apps look like legit apps for children. It works much the same way as other malware which would fool most adults. It's not like all parents are computer security specialists - despite all the idiots who love to talk about how their ability to figure out sex suddenly grants them equivalent knowledge to doctors, teachers, bankers, cops, and whatever else they think parenting is equivalent to. :)

  14. Re:Pre-School? by ArsenneLupin · · Score: 4, Informative

    Where do you live, Antarctica?

    In Antarctica, it would be summer now.

  15. Re:Pre-School? by ArsenneLupin · · Score: 3, Funny

    This is my excuse for not going to work today: "it's cold outside".

    Last year, we did get a day off at work due to "excessive" amounts snow on the roads. Only trouble: management announced the "good" news via work e-mail...

  16. Re:Pre-School? by CProgrammer98 · · Score: 2

    Because it's the 21st century? We're no longer in the dark ages dude. My kids weer using computers at 3 and 4 20 years ago. It's nothing new. Computer literacy is just as important as reading, writing and math and the sooner the kids start, the better.

    --
    And the people shall be oppressed, every one by another, and every one by his neighbour Isaiah 3:5
  17. Re:Pre-School? by alex67500 · · Score: 2

    Where do you live, Antarctica?

    In Antarctica, it would be summer now.

    Still not awefully warm. It's one of the drawbacks of living on a giant ice cube...

  18. Re:Pre-School? by shadowmas · · Score: 3, Informative

    Why should the trackball faze her any more than any other object in the house. They are all new items as far as she is concerned. Whether they were invented 1 month ago or a 1000 years ago are irrelevant. Everything is new. She'd just learn using a trackball just like learning to use a cup or even walk.

    I like to think of the brain as a sponge and knowledge to be water. In kids it's like a dry sponge it has plenty of space and will absorb things quickly. We on the other hand have quite a lot of our spongie brain filled already for better or for worse.

    My nephew who is also 4 years old navigates youtube for his cartoon fix. And knows how to start any installed games. He also knows how navigate to flash game sites from history and knows not to click on ads :).

  19. Re:Pre-School? by ArcherB · · Score: 2

    Okay, so kindergarden is about five years old, right? So that means three and four year olds in "pre-school" (whatever that exactly is). Why, exactly, is a three or four year old using a computer?

    There are excellent educational applications and websites for children to use. My pre-schooler uses a site called Starfall that has done an awful lot in teacher her to read, count and do basic math. She absolutely loves it. It also increases in difficulty as she goes on.

    My daughter uses Linux exclusively and her account is quite restricted. Installed are the usual Tux apps, TuxPaint, TuxTyping and TuxMath, as well as the GCompris and ChildsPlay. Everything is fairly locked down and I can always increase or decrease availability as time goes on. For example, it will be no big deal to install an email program for her to email Grandma.

    All of this is running on my PC and I have not taught her how to log as herself so she can't use the system without me being there. However, it won't be long before I give her own PC with extremely limited access for her to use as she pleases. Again, with Linux, I'm not worried too much about viruses or other malware, and I can configure the system exactly how I want it to be.

    --
    There is no "I disagree" mod for a reason. Flamebait, Troll, and Overrated are not substitutes.
  20. Does this only affect Windows? by Murdoch5 · · Score: 2

    I'd like to think our kids are smart enough in this day and age not to download any free piece of software they see but if they aren't I have a good hunch this only affects Windows based computers which leads back to the parents making a bad platform choice :-).