Thousands of unsuspecting visitors to a popular family website have been tricked into downloading malware.
Visitors to Flowgo who clicked on a pop-up ad running on its humour site were automatically directed to a booby-trapped site called KoolKatalog.
Once at KoolKatalog they were invited to input their email address into a digital slot machine, solve a puzzle and win a prize.
According to virus experts, code in the pages at KoolKatalog exploited a known flaw in an old version of the Java engine of Microsoft's Internet Explorer browser to covertly download files onto visitors' computers.
McAfee researchers have not yet completely worked out what the files do. Some files attach themselves to victims' browsers and covertly monitor the sites they visit while others enable the program's authors to secretly send updates or other files to the infected computer.
An install program switches off the firewall and grabs more files from one of two IntelliTech Web servers, online1net.com and wwws1.com.
Flowgo's owner, eUniverse, said IntelliTech's automatic redirects violated its ad policy, and pulled the pop-ups as soon as it learned what was happening.
Microsoft seizes control of phishing sites linked with Russian state hackers
Fitness trackers over-estimate the number of steps their users take, analysis of 67 research reports suggests
Everything we think we know about the imminent Apple iPhone 9, iPhone 11 and iPhone 11 Plus launches
All the latest rumours about Apple iPhone Displays, CPUs, launch dates and even prices
Nvidia brings Turing microarchitecture into the high-end gaming segment