A nasty trend of Trojans and other drive-by downloads popping up on children's online-game websites, first noticed last fall on Chinese-language sites, has spread to the West.
Researchers at the Czech security company Avast compiled more than 60 sites that dumped spam, malware and redirects upon unsuspecting underage visitors.
"Games like these require clicking and children don't think much about what they are clicking on," Ondrej Vlcek, CTO of AVAST Software, said in a company press release. "This makes them — or their parents' computers — quite susceptible to malware."
The Avast researchers looked over the feedback data from their firm's anti-virus software clients and found that a site called CuteArcade.com had attempted 12,600 Trojan infections as of Jan. 10.
Other offenders included HiddenNinjaGames.com, Gamesbox.com and the French-language Jeux.com. There were German- and Spanish-language sites on the list as well.
The webmaster of HiddenNinjaGames.com told SecurityNewsDaily he could find no malware on his site, and suggested that Avast's software may have detected infections in third-party ads.
Sites infected with drive-by downloads can infect visitors' computers immediately. The only real defense is to have robust anti-virus software and to update it constantly.
The Avast researchers said that while most of the reported children's game sites seemed legitimate, a few seemed to have been set up primarily to deliver spam.
We tried to visit CuteArcade.com ourselves and were immediately met with a warning from our own anti-virus software.
The site's "Contact" page was completely blocked, so we checked the site's domain name registry, which showed that the site was run by a company called Two-Point-Oh based in the British Virgin Islands. Two-Point-Oh's own website, as of today, consisted of a single placeholder page.
Emails to the webmasters of CuteArcade.com, Gamesbox.com and Jeux.com were not immediately returned.