Forgot your password?
typodupeerror
Crime Security IT

Children Used To Steal Parents' Data 126

Posted by samzenpus
from the virtual-fagin dept.
Barence writes "PC Pro's Davey Winder has revealed how pre-school children are being targeted by data thieves. Security vendors have uncovered a bunch of Flash-based games, colorful and attractive to young kids, which came complete with a remote access trojan. The trojan is usually installed behind a button to download more free games, but BitDefender even found one painting application where the very act of swiping the paintbrush over an online pet to change the color of the virtual animal was enough to trigger redirection to an infected site."
This discussion has been archived. No new comments can be posted.

Children Used To Steal Parents' Data

Comments Filter:
  • And parents wonder (Score:5, Insightful)

    by houstonbofh (602064) on Friday February 24, 2012 @12:33AM (#39144355)
    And parents wonder why they can't let the kids use the work laptop. It's because we're Ogres! Ogres, Damnit!
    • Re: (Score:1, Interesting)

      It is not all that difficult to create different account for the kids and ask them to use it religiously. I normally keep my home folder encrypted, so no matter how smart the Trojan is, will never get access to my data, as long as I am not logged in.
      • by Aerorae (1941752)
        uh...keylogger software? You have to decrypt your documents to use them after all...
        • by Gerzel (240421) <brollyferret&gmail,com> on Friday February 24, 2012 @01:42AM (#39144607) Journal

          Depends on when the keylogger starts vs the login.

          If the two accounts are properly separated then the children's account should never have the access to install anything that could be run before the user login. Of course with Windows all bets are off.

          • by kestasjk (933987) *
            Of course Windows has user and admin account types..
            • Of course Windows has user and admin account types.

              That's great if you get a parent that can understand the difference and enforce it. I was talking to my wife yesterday about the FCC wanting to enlist ISP's in the fight against various threats (bot networks, trojans etc). They really need to focus on end user education instead. Sure it's great for your ISP to tell you that you have a bot or some other threat on your computer but the damage is already done so what's the point in that. The people I talk to at work already know they have some kind of infectio

              • " The people I talk to at work already know they have some kind of infection that needs to be cleaned."

                I see the same thing all the time, and agree that education is the issue. Most of the people I talk to don't realize that the name of that some kind of infection is Windows!

        • If the kid does not have admin access, he can install a userland rootkit, userland keylogger, whatever, but it will not run when other users are logged in, for a few reasons.

          For one, non-admins can only add startup programs to their own per-user "startup" folder, or HKCU run key.
          For another, the only write access a malicious program would have is to the user's own folder, so it could not trick another user's profile into launching it.
          Finally, even if somehow another user's startup menu got a link to that ke

    • by Endovior (2450520) on Friday February 24, 2012 @03:34AM (#39145019)
      Virtual Machines. They're a beautiful thing. Trojans, viruses, keyloggers... who cares? Just revert your system back to the last snapshot, and it's like it never happened... and even the worst of what does happen, won't ever affect your important materials.
      • by shadowmas (697397) on Friday February 24, 2012 @05:18AM (#39145397)

        Generally yes. But remember that anything running on the VM is behind your routers firewall and might be in a more permissive network. So it can be used as a platform to execute a exploit to gain access to other machines on the network, the host machine or maybe even compromise the router/firewall (defualt passwords anyone?).

        I use VMs when I test applications if I'm not sure about its origin, but you should always be carefull about how it's network access and such.

        • by izomiac (815208)
          It seems like a good solution would be to use one of those commercial "Private Internet Access" type VPNs, and firewall the VM such that it has access to no network adapter except the virtual one. The VM gets unfettered internet access and your local network is safe (so long as nothing breaks out of the VM). IMHO, it'd be crazy to not have such a VPN if you have kid approaching puberty, given how their curiosity might be difficult for Big Brother to distinguish from your perversion.
      • Orrrrr, avoid all the hassle and make everyone non-admin, with a single "Installer" admin account with a password. UAC will take care of all of the magic.

        A friend set this up for my brother a few years ago, and I was seriously impressed with what a simple, great idea it is for home users: user cannot just "click next" (they have to consciously enter a password), and it really is easy to train them to use it.

        And if they get a virus, its pretty darn simple to login as installer, open Sysinternals Autoruns,

    • And parents wonder why they can't let the kids use the work laptop. It's because we're Ogres! Ogres, Damnit!

      Gotta use a separate machine. Pick up a discarded old XP machine, clean install, sandbox, chrome, that's all you need for small kids. Older kids might need more power, but they are a different story. Apps like DeepFreeze are useful there, because the 10-15 year old kids are THE single best way to destroy a windows install.

      • by Belial6 (794905)
        At $300 for a decent brand new machine, it makes sense to get a new machine for even small kids. Sure there are some people that just cannot afford it, but for most of us, spending $300 every couple of years on our kids isn't really that big of a burden.
        • by Hsien-Ko (1090623)
          Not even $300 would do. Just pay for so for a WinXP home license, and find a dropped Pentium IV 2GHz+ off the side of the road. It's more likely than you think.
          • by Belial6 (794905)
            I live in CA, so the electricity cost of running a P4 is more expensive than just buying a new computer.
  • Well. (Score:2, Funny)

    by Anonymous Coward

    At least SOMEBODY is thinking of the children.

    Too bad it's all priests and data thieves....

  • by Jafafa Hots (580169) on Friday February 24, 2012 @12:44AM (#39144405) Homepage Journal

    They still do!

    uh. um.

    nvrmnd

  • by TonTonKill (907928) on Friday February 24, 2012 @12:48AM (#39144423)
    They used to steal it; I'm glad they stopped. I hope they learned their lesson.
  • One word: Smurfberries.

  • by cosm (1072588) <<moc.liamg> <ta> <3msoceht>> on Friday February 24, 2012 @12:55AM (#39144463)
    This calls for action. The internet must be cleaned up. All PC's must be outfitted with a Breathalyzer to ensure nobody is intoxicated while driving the mouse. Also, social security cards should be required for every transaction. Congress must solve this complex problem by instituting a 'no toddler left alone' policy by putting friendly DHS staff at the desk of every workstation in every house in the nation. Think of the jobs created! And the children saved! RealID Internet ID Security+ Cards (TM) will now be mandatory for all plebeians. Network monitoring will be installed on every home workstation per mandatory Child-Safe-Cloud-Initiative protocols. The Congress will pass laws dictating internet rationing, and you will be given 1/30 internets everyday. If you go over your internets, you will be taxed over 9000 E-Points, which will be filed on your 1040IEEE-Z form. Fingerprint-Retinal-Anal probes will be given to ensure the AAA during each online transaction. I, senator [INSERT NAME HERE] propose this bill to save the chilrens and this great nation that is under continual attack by anonymous super hackers.

    Or just watch the sites your kids go to until the come of proper age. And if at proper age they still are clicking on aforementioned items, well, not everybody can be speshul buttercup, eh mates?
    • And don't forget -- every Internet sign-on will be preceded by a 30-minute documentary funded by the good folks at the RIAA and MPAA on the evils of copyright infringement!
    • Also, social security cards should be required for every transaction.

      As I'm not American, I won't be aloud on your "internet".

      This does not upset me.

    • All PC's must be outfitted with a Breathalyzer to ensure nobody is intoxicated while driving the mouse.

      If you're five year old daughter is drunk while using her PC, you've got more to worry about than the insecure software...

  • True that (Score:5, Interesting)

    by parallel_prankster (1455313) on Friday February 24, 2012 @12:55AM (#39144465)
    My nephews and niece did this when they used to visit my parents place. Within days of their visit my dad, who is not much of a computer person, will call me asking why windows has stopped working. I got a lot of software installed on their computer to monitor these things, yet somehow the kids always managed to install some crap. One good thing that happened was when they turned their attention to Ipads. It has apps on it that are kid friendly but haven't seen Viruses Trojans etc in Ipad apps yet.
    • Re:True that (Score:5, Insightful)

      by Dwedit (232252) on Friday February 24, 2012 @12:58AM (#39144481) Homepage

      No, with iPads, instead you have to worry about games where you pay for in-game goods with real money tied to the iTunes account.

      • by Telvin_3d (855514)

        Anything that involves money coming out of your iTunes account also requires a password. If you have given your 6-year-old the password to a real-money account you deserve whatever you get.

        • by lindseyp (988332)

          downloading 'cookie maker' or whatever game the 6yo is asking for also requires the password, and once daddy's entered it, it's valid for 15 minutes of all-you-can-eat smurfberries

          • Once you install, you can restart the tablet. And the authorisation is forgotten.

          • by Kjella (173770)

            downloading 'cookie maker' or whatever game the 6yo is asking for also requires the password, and once daddy's entered it, it's valid for 15 minutes of all-you-can-eat smurfberries

            It gets better, every purchase resets the timer so if you hand it to them 14 minutes later they have only one minute to make the first purchase but as long as they buy at least once every 15 minutes - not hard if the game is in the "you're out of berries, buy a few more" mode - it'll last the whole session. I think some kid here racked up almost $2000 in an hour's play. Hell, I've disabled in-game purchasing for myself to avoid accidents - if I should want it I'll go back and enable it on a case by case bas

            • by mattack2 (1165421)

              WRONG. You posted around 50 minutes AFTER the solution to this issue was already posted in this thread.

          • by tlhIngan (30335)

            downloading 'cookie maker' or whatever game the 6yo is asking for also requires the password, and once daddy's entered it, it's valid for 15 minutes of all-you-can-eat smurfberries

            Not since 4.x, which all iPads are compatible with. Since 4.x, there's been a separation between the timer used for purchases done at the App Store and in-app purchases. Just because you downloaded an app and entered the password there, doesn't mean the in-app purchase can use the cached credential - you have to re-enter your pass

      • Re:True that (Score:4, Interesting)

        by Pausanias (681077) <<pausaniasx> <at> <gmail.com>> on Friday February 24, 2012 @04:09AM (#39145129)

        You can disable in-app payments globally on iDevices, and *that* requires a separate passcode to undo compared to the regular app installation password.

        Also, in my experience Apple are pretty good about refunding you money if things like this happen. Once I bought an expensive app for my parents and they charged it to my credit card rather than my gift card balance. I wrote them about it and they credited me back $50 and said they wouldn't charge me on my gift card either---freebee, just like that.

      • Agreed - You CAN log out of the store which stops this from happening but there should be an auto-logout capability.

    • My nephews and niece did this when they used to visit my parents place. Within days of their visit my dad, who is not much of a computer person, will call me asking why windows has stopped working. I got a lot of software installed on their computer to monitor these things, yet somehow the kids always managed to install some crap

      So, did the kids also manage to install Windows, or did somebody else install that particular piece of crap?

      One good thing that happened was when they turned their attention to Ipads. It has apps on it that are kid friendly but haven't seen Viruses Trojans etc in Ipad apps yet.

      Finally one good use for Ipads :-)

  • by smitty97 (995791) on Friday February 24, 2012 @12:57AM (#39144477)
    How many two year olds know what a "login" is? Mine does. And my four year old has had one since she was little too. I dont let them use my account. They know how to switch to theirs and even (rightly, I guess) get mad when anyone doesn't use their own login. On the Mac, there's a pretty good whitelist of websites and you need admin privs to allow new applications to run.
  • Flash-based games (Score:4, Insightful)

    by PatPending (953482) on Friday February 24, 2012 @01:00AM (#39144491)
    Emphasis added:

    BitDefender Online Threats Lab, one of the security vendors doing research in this area of cybercrime, uncovered a whole bunch of Flash-based games, colourful and attractive to young kids, which came complete with a trojan that has been designed to appeal to those same youngsters.

    The article ends with this:

    The moral of this tale? Don't use your laptop as a babysitter, and don't be one of the 24.7% of parents who, according to BitDefender's research, don't supervise their young kids' online activity.

    How about not using Flash? (At least not on the kid's account!)

    BTW: Did you notice how BitDefender got mentioned a total of four times in seven paragraphs and one pull-quote?

    • I'm sorry, I (BitDefender) can't (BitDefender) hear you over the sound of how (BitDefender) awesome BitDefender is. (BitDefender)
    • How about not using Flash? (At least not on the kid's account!)

      Well that seems to be the iPad approach!

    • by gaspyy (514539)

      The issue is not Flash games but tricking the users to download a trojan. I could have happen with HTML5 games as well or anything else.

      The solution: have a separate non-admin account for kids.

    • I think all the posts so far have missed the point entirely.

      To me, anyone who targets a child's natural curiosity for that sort of exploitation is demonstrating just how badly the planets gene pool filters need cleaning.

      If, in the governments collective wisdom (now there is an oxymoron for you), they would re-instate the days when the post office posters said "wanted, dead or alive", which encouraged the bounty hunters to bring em back draped over a saddle, I think I might be interested in making a little e

      • Gene pool filter cleaning as it were. Removing the genes that think like that, has to be good for the race as a whole.

        Cheers, Gene

        Oh, the irony.

  • I have a problem with articles like this... a vague threat is made, that some Flash-based games that kids like to play also load trojans. Great. So, neither the writer of the article or Bit Defender say they know what games / sites to stay away from. Thanks. You know, some foods may cause cancer... so let's stop eating, okay?
    • I have a problem with articles like this... a vague threat is made, that some Flash-based games that kids like to play also load trojans. Great. So, neither the writer of the article or Bit Defender say they know what games / sites to stay away from.

      Read again what you wrote... the answer to your question in your last sentence is in your first sentence.

  • by GNUALMAFUERTE (697061) <almafuerte@gmPOL ... om minus painter> on Friday February 24, 2012 @01:41AM (#39144605)

    "But worse still, BitDefender even found one painting application where the very act of swiping the paintbrush over an online pet to change the colour of the virtual animal was enough to trigger redirection to an infected site"

    No way! You mean a scripting language reacted to user input such as onMouseOver and executed a forbidden instruction such as redirecting the site, by exploiting a vulnerability in document.location.href? This is clearly ADVERTISEMENT for BitDefender who is mentioned throughout the article as a "researcher" while showing no actual "research".

    They are not actually talking about the attack vector, because they haven't found anything. They are essentially saying that a href is a vulnerability because it might lead to an "infected" (whatever that means) site.

  • flash used to steal data. Nothing [new] to see here, move along.
  • My kids have their own computers and don't use mine.
  • by ledow (319597)

    What are pre-school children doing using the Internet unsupervised?

    What are pre-school children doing on a computer that lets them connect to the Internet at all (this is what NetNanny, software firewalls, etc. are FOR).

    What are pre-school children doing clicking on anything that they see on the screen?

    What are pre-school children doing using admin-level accounts that allow modification of any settings but their own?

    What are parents doing to allow all of the above and then complain about what happens to the

  • Kids stealing Parents data.. Hmm Identity theft..... Simple solution
    Do not tell your kid any of the following
    1. Your Birth Date
    2. Your Wife's/Kids Birthday (You were born that's enough why do you want to know when)
    3. Your mothers name. (Just call her grandma Ok.)
    4. Your Postal address zip code etc. (This is home... that is school... you walk from here to there...)
    5. Any of your family history.
    6. Anything else?

    That will teach those Imps to steal my data :-X
  • I'd like to think our kids are smart enough in this day and age not to download any free piece of software they see but if they aren't I have a good hunch this only affects Windows based computers which leads back to the parents making a bad platform choice :-).

That does not compute.

Working...