Thousands of unsuspecting visitors to a popular family website have been tricked into downloading malware.
Visitors to Flowgo who clicked on a pop-up ad running on its humour site were automatically directed to a booby-trapped site called KoolKatalog.
Once at KoolKatalog they were invited to input their email address into a digital slot machine, solve a puzzle and win a prize.
According to virus experts, code in the pages at KoolKatalog exploited a known flaw in an old version of the Java engine of Microsoft's Internet Explorer browser to covertly download files onto visitors' computers.
McAfee researchers have not yet completely worked out what the files do. Some files attach themselves to victims' browsers and covertly monitor the sites they visit while others enable the program's authors to secretly send updates or other files to the infected computer.
An install program switches off the firewall and grabs more files from one of two IntelliTech Web servers, online1net.com and wwws1.com.
Flowgo's owner, eUniverse, said IntelliTech's automatic redirects violated its ad policy, and pulled the pop-ups as soon as it learned what was happening.
Security experts have warned of a virus that can give intruders access to a user's computer, in a similar way to the method believed to have been used in the attack on Microsoft's corporate network.
V3.co.uk gets a walk through of the Hero, which includes HTC's new Sense overlay for Android
First Looks Editor Ian Williams gets hands on with the Sony Ericsson Xperia X1
NetGear's four-bay compact network-attached storage gets a serious speed boost
Do you agree?
Have your say on this article